openssl postfix
Hi all :-)
After long search I've (again) some problems with postfix and TLS :-/
[...]
smtpd_use_tls = yes
smtpd_tls_auth_only = yes
smtpd_tls_key_file = /etc/postfix/ssl/server.key
smtpd_tls_cert_file = /etc/postfix/ssl/server.crt
smtp_tls_CAfile=/etc/postfix/ssl/myca.crt
Two questions:
1) Need I a CA certficate (by my server? - no external CA) to do this?
2) Need I the certificates installed on email clients?
Ok, I done:
openssl req -config openssl.my.cnf -new -x509 -extensions v3_ca -keyout
private/myca.key -out certs/myca.crt -days 1825
openssl req -config openssl.my.cnf -new -nodes -keyout private/server.key -out
server.csr -days 365
openssl ca -config openssl.my.cnf -policy policy_anything -out certs/server.crt
-infiles server.csr
cat /var/log/mail.log (when a client try to send an email):
smtpd[25934]: warning: TLS library problem: 25934:error:14094412:SSL
routines:SSL3_READ_BYTES:sslv3 alert bad certificate:s3_pkt.c:1108:SSL alert
number 42:
thanks for help!
Pol
Reply to: