Re: [exim] Client Certificate Authentication

Author: Matthias-Christian Ott
Date:  
To: exim-users
Subject: Re: [exim] Client Certificate Authentication
On Tue, Nov 23, 2010 at 01:55:36PM -0500, Phil Pennock wrote:
> On 2010-11-22 at 23:14 +0100, Matthias-Christian Ott wrote:
> > for fail-over I want to add a spooling relay to an existing Exim
> > server. I would prefer to use authentication via client certificates. Is
> > this possible with Exim?
>
> Yes. Use the tls_certificate and tls_privatekey options on the SMTP
> Transport used. There are other relevant options too. See:
> 30.4 Private options for smtp
> 39.9 Configuring an Exim client to use TLS
> of The Exim Specification, "spec.txt" or online at:
> http://www.exim.org/exim-html-current/doc/html/spec_html/index.html


This is not what I was looking for. I'm already using TLS and
tls_verify_certificates doesn't solve my problem because it seems to me
that I have to keep all client certificates on the actual mail server in a
directory.

I would like to sign the server and the client (relay) certificate
by a CA and store the CA certificate on the server and instruct the
server to accept only messages from relays which provide a certificate
which is signed by the server (similar to OpenID client certificate
authentication).

Regards,
Matthias-Christian
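
An added configuration sketch, not part of the thread and not taken from the Exim documentation, of the CA-based setup described above, built from the options named in the quoted reply plus tls_try_verify_hosts and the ACL condition verify = certificate. All file paths and the transport name relay_to_main are placeholders, and the fragments assume an otherwise working configuration on both hosts.

```exim
# --- main server: main configuration section ---
# Constructed example; every path below is a placeholder.
tls_advertise_hosts = *
tls_certificate = /etc/exim/tls/server.crt
tls_privatekey = /etc/exim/tls/server.key

# Trust anchor: the CA certificate only, not the individual relay certificates.
tls_verify_certificates = /etc/exim/tls/relay-ca.crt

# Request a client certificate from every host, but do not abort the
# TLS handshake if none is offered; the ACL below makes the decision.
tls_try_verify_hosts = *

# --- main server: ACL section, inside the ACL named by acl_smtp_rcpt ---
# Accept only over TLS with a client certificate that verified against the CA.
accept  encrypted = *
        verify = certificate
deny    message = a CA-signed client certificate is required

# --- relay: transports section ---
# The relay presents its CA-signed certificate when it delivers to the server.
relay_to_main:
  driver = smtp
  hosts_require_tls = *
  tls_certificate = /etc/exim/tls/relay.crt
  tls_privatekey = /etc/exim/tls/relay.key
```

Any certificate issued by the configured CA passes this check, so the CA should be one that signs only the relays; a further ACL condition on $tls_peerdn ($tls_in_peerdn in newer releases) can pin the expected subject.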