Autor: Ian Eiloart Data: Dla: Jon Gerdes CC: exim-users@exim.org Temat: Re: [exim] Advertising TLS
> On 3 Nov 2015, at 14:52, Jon Gerdes <gerdesj@???> wrote:
>
> Generating a self signed certificate at install time could be fraught
> with problems: what if there is an insecure OpenSSL/LibreSSL/whatever
> library installed and used?
Rather than use a self-signed certificate, why not use LetsEncrypt.org to get a free domain bound certificate with widespread trust anchors?
https://letsencrypt.org/getinvolved/
They’ve expressed an interest in getting an Exim plugin to assist with creation and deployment of certificates. The plugins help prove domain ownership and then install the certificate.
https://community.letsencrypt.org/t/what-are-plugins-used-for/74
--
Ian Eiloart
Postmaster, University of Sussex
+44 (0) 1273 87-3148