[BlueOnyx:14285] Re: TLS certificates
Ernie
ernie at info.eis.net.au
Mon Jan 20 22:36:59 -05 2014
Interesting,
I wasn't aware it was linked to the admsrv.
I see that it uses the CA information in /etc/pki/tls/certs/ca-bundle.crt
which I had to wget http://www.cacert.org/certs/root.txt and append it to
the file to make it not treat cacert.org as self-signed.
I had put the key and cert into /usr/share/ssl/certs/sendmail.pem and added
the CA to /usr/share/ssl/certs/ca-bundle.crt but it was still saying self
signed until I modified /etc/pki/tls/certs/ca-bundle.crt as well.
I wonder if cacert.org will eventually be added to the list of CAs, it's a
good service.
Thanks
- Ernie.
>
> Hi Ernie,
>
> > I just obtained an SSL certificate from CAcert.org that I want to use for
> > encrypting TLS smtp sessions between a couple of servers.
> >
> > Can somebody tell me which directory the certificate needs to go in?
> >
> > I have only dealt with Apache certificates in the past and I don't know
> > where the TLS certs live.
>
> In the GUI go to "Server Management" / "Security" / "SSL".
>
> Do the "Create Signing Request" as you'd do for a virtual site. But this
> is the certificate for the AdmServ, so it uses the server name.
>
> If you create a self signed cert or install a "real" cert, then that
> certificate is used both for the GUI and for SMTP.
>
> Once the certificate is installed, you can test it this way:
>
> openssl s_client -connect server.company.com:465
>
> It'll show you if it works or not and you can see which certificate
> information an email client would see.
>
> --
> With best regards
>
> Michael Stauber
> _______________________________________________
> Blueonyx mailing list
> Blueonyx at mail.blueonyx.it
> http://mail.blueonyx.it/mailman/listinfo/blueonyx
>
--
"I Ping therefore I am."
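Added example, not part of the original thread: an offline reproduction of the behaviour discussed above, where a certificate fails verification until its issuing root is appended to the CA bundle. The "Demo Root CA", the scratch `ca-bundle.crt` (standing in for /etc/pki/tls/certs/ca-bundle.crt) and the function names are constructed for illustration; the fingerprint check in `append_ca` assumes the expected value was obtained out of band.

```shell
#!/usr/bin/env bash
# Constructed, offline demo. "Demo Root CA" stands in for the CAcert root and
# $d/ca-bundle.crt stands in for /etc/pki/tls/certs/ca-bundle.crt.

make_demo_pki() {            # $1 = scratch directory
  local d=$1
  # An unrelated root already in the bundle, like the stock CA list.
  openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=Other Root CA" \
    -keyout "$d/other.key" -out "$d/ca-bundle.crt" 2>/dev/null || return 1
  # The root that the bundle does not know yet.
  openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=Demo Root CA" \
    -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null || return 1
  # Server key + CSR, then a certificate issued by the demo root.
  openssl req -newkey rsa:2048 -nodes -subj "/CN=server.company.com" \
    -keyout "$d/server.key" -out "$d/server.csr" 2>/dev/null || return 1
  openssl x509 -req -in "$d/server.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
    -CAcreateserial -days 1 -out "$d/server.crt" 2>/dev/null
}

fingerprint() {              # SHA-256 fingerprint of a PEM certificate
  openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

chain_ok() {                 # $1 = CA bundle, $2 = certificate to check
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

append_ca() {                # $1 = bundle, $2 = CA cert, $3 = expected fingerprint
  # Refuse to trust a root whose fingerprint differs from the one obtained
  # out of band (a root fetched over plain HTTP can be swapped in transit).
  [ "$(fingerprint "$2")" = "$3" ] || return 1
  cat "$2" >> "$1"
}

demo() {
  local d; d=$(mktemp -d) || return 1
  make_demo_pki "$d" || return 1
  chain_ok "$d/ca-bundle.crt" "$d/server.crt" && echo "before: trusted" || echo "before: untrusted"
  append_ca "$d/ca-bundle.crt" "$d/ca.crt" "$(fingerprint "$d/ca.crt")"
  chain_ok "$d/ca-bundle.crt" "$d/server.crt" && echo "after: trusted" || echo "after: untrusted"
  rm -rf "$d"
}
demo
```

Against the live server the same bundle can be checked with `openssl s_client -connect server.company.com:465 -CAfile /etc/pki/tls/certs/ca-bundle.crt`, where a trusted chain ends with `Verify return code: 0 (ok)`.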