On 24/08/12 02:33, li...@sbt.net.au wrote:
I'm just setting up a new Postfix server with TLS on CentOS 6, I've
generated a self-certified certificate, that all seems OK as follows:
smtpd_tls_cert_file = /etc/pki/tls/certs/server.crt
smtpd_tls_key_file = /etc/pki/tls/certs/server.key
but I'm 'missing' the CAfile part
looking at where my key/certificates are in /etc/pki/tls/certs/ I have
so, is 'ca-bundle.trust.crt' what I put in
smtpd_tls_CAfile = /etc/pki/tls/certs/ca-bundle.trust.crt
or the ca-bundle.crt ??
No, you need to have your cert signed by a CA (Certificate Authority)
and it is the CA cert that signed your cert that you put there.
You can actually create your own CA cert and then sign your own
certificates for this purpose. For example, see here:
http://www.ibm.com/developerworks/lotus/library/ls-Certification_Authority/
http://www.g-loaded.eu/2005/11/10/be-your-own-ca/
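
The approach suggested in the reply (create your own CA, then sign the server certificate with it), as an added example that is not part of the original thread. It uses the stock openssl command line; the host name mail.example.com, the CA name "Example Mail CA", the working directory and the ca.crt destination path are constructed for illustration.

```shell
#!/bin/sh
# Added example: private CA plus a CA-signed server certificate for Postfix.
# Host name, CA name and file names below are constructed, not from the thread.

make_ca_and_server_cert() (
    dir=$1; host=$2
    umask 077                      # private keys readable by owner only
    mkdir -p "$dir" && cd "$dir" || exit 1

    # 1. CA key and self-signed CA certificate (ca.crt is what goes in CAfile)
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 3650 \
        -subj "/CN=Example Mail CA" \
        -keyout ca.key -out ca.crt 2>/dev/null || exit 1

    # 2. Server key and certificate signing request
    openssl req -newkey rsa:2048 -nodes -sha256 \
        -subj "/CN=$host" \
        -keyout server.key -out server.csr 2>/dev/null || exit 1

    # 3. Sign the request with the CA; mark the result as a non-CA cert
    printf 'basicConstraints=CA:FALSE\nsubjectAltName=DNS:%s\n' "$host" \
        > server.ext
    openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key \
        -CAcreateserial -sha256 -days 365 -extfile server.ext \
        -out server.crt 2>/dev/null || exit 1

    # 4. Confirm the chain: prints "server.crt: OK" when ca.crt signed it
    openssl verify -CAfile ca.crt server.crt
)

# Usage (constructed paths):
#   make_ca_and_server_cert /root/mail-ca mail.example.com
#
# Then install server.crt and server.key at the paths from the question and
# point Postfix at the CA certificate (ca.crt location is an assumption):
#   smtpd_tls_cert_file = /etc/pki/tls/certs/server.crt
#   smtpd_tls_key_file  = /etc/pki/tls/certs/server.key
#   smtpd_tls_CAfile    = /etc/pki/tls/certs/ca.crt
```

Only ca.crt, server.crt and server.key need to be on the mail server; ca.key can sign further certificates, so keep it on a separate, restricted machine.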