Author: Adam Spragg Date: To: exim-users Subject: [exim] Exim SSL/TLS certificate key file permissions/password?
Hi Exim Users,
I'm looking into getting Exim to use a TLS certificate.
Looking through the documentation, it seems that the private key file for the
certificate needs to have read access by the relevant exim group, and also
must not be password protected.
Is this really the case? Is there no way to have a well-secured private key
file, password-protected and only readable by user root? Apache and Dovecot
manage this by reading the file on startup, before dropping privileges and
changing to their "normal" uid, and asking for the password on the console. Is
Exim not able to work this way as well?
I'm not happy having an unprotected private key lying about anywhere, even if
its permissions were 0400 - let alone 0440 as Exim requires.
If Exim isn't able to do this, does anyone know if there are any plans for it
in the future?