Re: [exim] SSL Certificates and EXIM

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Kjetil Torgrim Homme
Date:  
À: Brent Clark
CC: Exim-Users \(E-mail\)
Sujet: Re: [exim] SSL Certificates and EXIM
On ons, 2004-10-06 at 17:36 +0200, Brent Clark wrote:
> Does anyone have link, URL, etc for full explantion, in lamens terms, a
> description of using SSL cerificates with Exim4.
>
> I basically want to know as much as I can from creating the cert (i have
> seen a few examples from google) to installing the cert on the Exim
> mailserver and my mail clients, users. Basically the full ins and outs


you can use the same method as for a web server to create the
certificate. the key is that the Common Name (cn) points to the name of
your e-mail server, e.g., "mail.rocketseed.us".

here's the relevant snippet from our exim.conf. our servers listen on
several IP-addresses, hence the slightly obfuscated tls_advertise_hosts.
for most people, just * is enough.

# We only have a certificate for smtp.uio.no, so don't advertise
# TLS when people connect elsewhere.
tls_advertise_hosts = ${if eq {$interface_address}{129.240.10.9} {*} {}}
tls_certificate = /etc/exim/cert/smtp.cert.pem
tls_privatekey = /etc/exim/cert/smtp.key.pem


note that we don't have a passphrase on the private key, since I don't
much like to have to be on-site to type a pass phrase whenever a server
restarts...

read the documentation, the option names are good starting points :-)
--
Kjetil T.