Re: [exim] Connecting with a cert

Author: Phil Pennock
Date:  
To: Norman Walsh
CC: exim-users
Subject: Re: [exim] Connecting with a cert
On 2012-03-07 at 15:46 -0500, Norman Walsh wrote:
> Except that apparently I'm inconveniencing the IT folks by not
> authenticating to mail.myemployer.com with a cert. I expect that's
> running some flavor of Microsoft Exchange but I could be wrong.
>
> I've got the .p12 cert I'm supposed to use and I've poked around on
> the web looking for how to configure exim to do this with no success.


In short:

  (1) Convert .p12 to separate private key and public key files
  (2) Configure the SMTP Transport used by Exim, for this connection,
      with the "tls_certificate" and "tls_privatekey" options.


Beware that the tls_certificate & tls_privatekey options exist as both
main section configuration (for Exim as server) and as SMTP Transport
options, for Exim as client. Both options are expanded strings.

For step 1, assuming OpenSSL: "man pkcs12" and use "openssl pkcs12" with
appropriate options to parse the .p12 file and create PEM-encoded files.
Either invoke twice with -nocerts once and -nokeys once, or invoke once
and manually copy the resulting file to have two copies and delete the
key from one and the cert from the other.

-Phil
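
The two steps from the message above, as an added example that is not part of the original post or of Exim's documentation. It splits the bundle with "openssl pkcs12", then checks that the certificate and key belong together before Exim is pointed at them. The function names, the P12_PASS variable, the file paths and the transport name in the comments are assumptions.

```shell
#!/bin/sh
# Added example; function names, paths and P12_PASS are hypothetical.

# split_p12 BUNDLE CERT_OUT KEY_OUT
# The import password is read from the P12_PASS environment variable
# (-passin env:...) so it does not appear on the command line.
split_p12() {
    p12=$1; cert=$2; key=$3
    old_umask=$(umask)
    umask 077                       # both outputs are created mode 0600
    # Step 1a: client certificate only (-clcerts), no private key (-nokeys).
    openssl pkcs12 -in "$p12" -passin env:P12_PASS \
        -clcerts -nokeys -out "$cert" || { umask "$old_umask"; return 1; }
    # Step 1b: private key only (-nocerts), written unencrypted (-nodes),
    # assuming the daemon must load it without a passphrase prompt.
    openssl pkcs12 -in "$p12" -passin env:P12_PASS \
        -nocerts -nodes -out "$key" || { umask "$old_umask"; return 1; }
    umask "$old_umask"
}

# pair_matches CERT KEY
# Succeeds only when the certificate and the key carry the same public key,
# which catches a mixed-up or truncated file before Exim tries to use it.
pair_matches() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout) || return 1
    [ "$cert_pub" = "$key_pub" ]
}

# Step 2, in the Exim configuration (constructed fragment, hypothetical
# transport name and paths). These go on the SMTP transport, not in the
# main section, because Exim is acting as the client here:
#
#   employer_smtp:
#     driver = smtp
#     tls_certificate = /etc/exim/client/cert.pem
#     tls_privatekey  = /etc/exim/client/key.pem
#
# Typical use:
#   P12_PASS='...' split_p12 me.p12 cert.pem key.pem && pair_matches cert.pem key.pem
```

The key file is unencrypted on disk, so after copying it into place keep it readable only by the user Exim runs as.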