Re: [exim] how to config SSL

Startseite
Nachricht löschen
Nachricht beantworten
Autor: Robin Peng
Datum:  
To: exim-users
Betreff: Re: [exim] how to config SSL
Thanks Sven Hartge,I already config successfully.


于 2012-7-13 17:35, Sven Hartge 写道:
> Robin Peng <robin.peng@???> wrote:
>> Hi all
>> I bought a SSL certificate (comodo),and config SSL as below:
>> ------------------------------------------------------------------
>> tls_advertise_hosts = *
>> tls_require_ciphers = SSLv3:TLS
>> tls_verify_certificates = /etc/ssl/comodo/CA.crt
> You don't need this, only if you want to verify _clients_ using this CA.
>
>> tls_certificate = /etc/ssl/comodo/server.crt
> Your certificate should contain _the whole chain_ up to the root
> certificate of the CA.
>
> I.e. the first certificate in that file is your certificace, then any
> intermediate certs in the correct order and last the root-CA cert.
>
> Just use "cat" to append them all to one file.
>
>> $ openssl s_client -connect mail.saybot.com:smtps
> openssl will always tell you it cannot verify the certificates, unless
> you manuall specify the directory (or file) where your CA certs reside
> on your system:
>
> openssl s_client -CApath /etc/ssl/certs -connect mail.saybot.com:smtps
>
> (or -CAfile /etc/ssl/ca-certificates.crt or any other file with a
> collection of CA certs inside).
>
> Grüße,
> Sven.
>