[exim] Re: SSL Certificates

Startseite
Nachricht löschen
Nachricht beantworten
Autor: Viktor Dukhovni via Exim-users
Datum:  
To: exim-users
Betreff: [exim] Re: SSL Certificates
On Wed, Mar 20, 2024 at 06:17:48AM +0100, Niels Kobschätzki via Exim-users wrote:

> Use https://whatsmychaincert.com/, put in your certificate and get a file with a correct full chain with or without root back.


This is prone to accidental pasting of one's private keys into the
webform.  A safer alternative is:

    $ openssl pkcs12 -export -chain -nokeys -passout pass:whatever \
        -in cert.pem -untrusted chain.pem |
        openssl pkcs12 -in /dev/stdin -passin pass:whatever

This will construct a PKCS#12 object with the complete chain, and then
dump that chain to stdout.  The "chain.pem" file containts candidate
intermediate CAs, and "cert.pem" contains the end-entity certificate.
The system trust store will provide the trust anchor (root CA).

To save directly to a file add a final "-out fullchain.pem" (or filename
of your choice) option.

-- 
    Viktor.


--
## subscription configuration (requires account):
## https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-users-unsubscribe@???
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/