On 4/8/11 3:36 AM, Marcus Meissner wrote:
On Thu, Apr 07, 2011 at 05:48:06PM -0500, Jim Flanagan wrote:
I've got my new install to handle basic smtp/imap. Clean 11.4 install, Postfix/Cyurs imap/SASL using plain text passwords. Now I need to set up SSL/TLS.
In the past I've used self rolled certs, but I think I'd rather use some free certs like StartSSL. I beleive they do authenticated certs for one years duration.
In any case, do I need one cert, or more than one? In the past for email I've used mail.domain.com for both IMAP and SMPT, but that was not with an authenticated cert. Do I need one for each service, and another for WWW?
I installed the yast2-ca-management but haven't done anything with it yet. I'm also not sure where to place them when I get them done, but a common location seems most logical. So, I'm not sure where to start to produce the certs, or where to install them.
Any help or pointers to a good opensuse/cyrus flavored resource would me much appreciated. As long as the hostname is the same, you can use the same certificate.
Usual you could also request several names per certificate too (altNames) for multiple hostnames.
my /etc/postfix/main.cf has: smtpd_tls_cert_file = /etc/ssl/servercerts/servercert.pem smtpd_tls_security_level = may smtpd_tls_key_file = /etc/ssl/servercerts/serverkey.pem smtp_tls_CApath = /etc/ssl/certs/
my /etc/imapd.conf (cyrus config) has: tls_cert_file: /etc/ssl/servercerts/servercert.pem tls_key_file: /etc/ssl/servercerts/serverkey.pem
Ciao, Marcus Thanks Marcus, will work on this basis.
Jim F -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org