[exim] default certificate file /etc/exim4/exim.crt

Author: jk-exim
Date:
To: exim-users
Subject: [exim] default certificate file /etc/exim4/exim.crt

Hello,

I'm an Exim beginner.

I was installing a new server.

On the new server (Debian) there is Exim 4.94.2 and on the old one there was
Exim 4.89.

I copied files /etc/exim4/exim.crt and /etc/exim4/exim.key from the old
server.

I also tried to understand the old configuration and copy some relevant
settings.

But I got stuck with sending emails via SMTP/STARTTLS.

I was looking into /etc/exim4/exim4.conf.template and there was something
like:

# Full paths to Certificate and Private Key. The Private Key file
# must be kept 'secret' and should be owned by root.Debian-exim mode
# 640 (-rw-r-----). exim-gencert takes care of these prerequisites.
# Normally, exim4 looks for certificate and key in different files:
#   MAIN_TLS_CERTIFICATE - path to certificate file,
#                          CONFDIR/exim.crt if unset
#   MAIN_TLS_PRIVATEKEY  - path to private key file
#                          CONFDIR/exim.key if unset
# You can also configure exim to look for certificate and key in the
# same file, set MAIN_TLS_CERTKEY to that file to enable. This takes
# precedence over all other settings regarding certificate and key file.
.ifdef MAIN_TLS_CERTKEY
tls_certificate = MAIN_TLS_CERTKEY
.else
.ifndef MAIN_TLS_CERTIFICATE
MAIN_TLS_CERTIFICATE = CONFDIR/exim.crt
.endif
tls_certificate = MAIN_TLS_CERTIFICATE

.ifndef MAIN_TLS_PRIVATEKEY
MAIN_TLS_PRIVATEKEY = CONFDIR/exim.key
.endif
tls_privatekey = MAIN_TLS_PRIVATEKEY
.endif



So I supposed Exim would automatically use /etc/exim4/exim.crt and
/etc/exim4/exim.key.

But when I was trying to send email with Mozilla Thunderbird via SMTP/STARTTLS
then it was showing me that the server's certificate isn't from our company
but one from Exim Developers and valid only for one hour.

When I tried the command "exim4 -bP | grep tls_cert | sort" then I could see
that tls_certificate and tls_privatekey were empty.

I solved it by directly setting the following below the lines mentioned above:

tls_certificate = /etc/exim4/exim.crt
tls_privatekey = /etc/exim4/exim.key


(And of course: update-exim4.conf)




So it works for me now, but I still have a feeling there is something
wrong.




Best regards,

Jakub
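
Added example, not part of the original message and not Exim or Debian code: a small Python evaluator for the .ifdef/.ifndef/.else/.endif block quoted above. It shows that the block yields the CONFDIR defaults whenever it is reached, so empty tls_certificate and tls_privatekey values mean the block was skipped. The enclosing ".ifdef MAIN_TLS_ENABLE" guard is an assumption based on Debian's packaged template and is not quoted in the post; resolve() and the both.pem path are constructed for illustration.

```python
import re

# Block quoted in the post, wrapped in the guard Debian's packaged template is
# assumed to put around its TLS section (the guard is not quoted in the post).
TEMPLATE = """\
.ifdef MAIN_TLS_ENABLE
.ifdef MAIN_TLS_CERTKEY
tls_certificate = MAIN_TLS_CERTKEY
.else
.ifndef MAIN_TLS_CERTIFICATE
MAIN_TLS_CERTIFICATE = CONFDIR/exim.crt
.endif
tls_certificate = MAIN_TLS_CERTIFICATE
.ifndef MAIN_TLS_PRIVATEKEY
MAIN_TLS_PRIVATEKEY = CONFDIR/exim.key
.endif
tls_privatekey = MAIN_TLS_PRIVATEKEY
.endif
.endif
"""

def resolve(template, macros):
    """Apply the conditionals and macro substitution; return the options set."""
    macros, options, stack = dict(macros), {}, []  # stack: one bool per open block
    for raw in template.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        word, _, arg = line.partition(" ")
        if word in (".ifdef", ".ifndef"):
            stack.append((arg.strip() in macros) == (word == ".ifdef"))
        elif word == ".else":
            stack[-1] = not stack[-1]          # flip the innermost block only
        elif word == ".endif":
            stack.pop()
        elif all(stack):                       # every enclosing block must be active
            name, _, value = (p.strip() for p in line.partition("="))
            names = sorted(macros, key=len, reverse=True)  # longest name first
            if names:
                pattern = "|".join(map(re.escape, names))
                value = re.sub(pattern, lambda m: macros[m.group()], value)
            # Names starting with an upper-case letter are macros, others options.
            (macros if name[:1].isupper() else options)[name] = value
    return options

if __name__ == "__main__":
    base = {"CONFDIR": "/etc/exim4"}
    print("guard unset:", resolve(TEMPLATE, base))
    print("guard set:  ", resolve(TEMPLATE, {**base, "MAIN_TLS_ENABLE": "yes"}))
```

With the guard macro undefined, resolve() returns no TLS options at all, which matches the empty "exim4 -bP" output described in the message.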