Re: [Exim] SSL cert request signed by Microsoft CA for Exim …

Kezdőlap
Üzenet törlése
Válasz az üzenetre
Szerző: Philip Hazel
Dátum:  
Címzett: Erik Bussink
CC: exim-users
Tárgy: Re: [Exim] SSL cert request signed by Microsoft CA for Exim 4.10 with TLS
On Tue, 10 Sep 2002, Erik Bussink wrote:

> This is a bit off-topic, but I could not find much information about
> signing OpenSSL generated certificates with a Microsoft (Win2000 server)
> Certificate Authority and using these signed certificate for the TLS
> support in Exim 4.10. So here are the steps I followed to get a
> successfull result. There might be a better way, or easier one, but
> this has worked for me.


Erik, from what you wrote, I think you probably know more about all this
stuff than most people on this list, and you certainly know a lot more
about it than I do.

> One question I'm still considering, and I haven't found on this
> mailing list or in some documentation, would it be possible to get
> EXIM to TLS encrypt outgoing SMTP connections with remote SMTP
> servers ?


Yes, it's possible (provided the servers support it, of course). Look at
the hosts_avoid_tls and hosts_require_tls options of the smtp transport.

> I understand that my EXIM server will not have the remote's
> TLS certificate, but does it really matter ?


Only if you care about verifying the client's identity.

> I think encrypting the
> SMTP traffic would be a nicer than having normal cleartext traffic.


Remember that not all clients support TLS.

Philip

--
Philip Hazel            University of Cambridge Computing Service,
ph10@???      Cambridge, England. Phone: +44 1223 334714.