On 12/20/2012 10:02 AM, Wietse Venema wrote:
Viktor Dukhovni:
People who want a more compact recipe for a self-signed cert on
a single SMTP server can use my "one-liner" (for machines whose
hostname is an FQDN):
...
With the "-nodes" option in most cases:
    $ tmp=$(mktemp smtpd.pem.XXXXXX) &&
      openssl req -new \
        -newkey rsa:1280 -nodes -keyout /dev/stdout \
        -x509 -days $((365 * 10)) -subj "/CN=$(uname -n)" >> "$tmp" &&
      mv "$tmp" smtpd.pem
And with accompanying configuration:
    /etc/postfix/main.cf:
        smtpd_tls_cert_file = /etc/postfix/smtpd.pem
        smtpd_tls_key_file = /etc/postfix/smtpd.pem
        smtpd_tls_security_level = may
Oh, I see. Yes you ARE putting both the cert and the key in one file.
Interesting.
which leaves smtpd_tls_CAfile at its default empty value.
Correct? I'm combining fragments from email postings with some
additional narrative, so that the result becomes usable for a
tutorial section in TLS_README.
I think so. I don't know the main.cf format and I am trying to put all
of my changes in via postconf -e commands, so I can understand each item
in the file. I think. Therefore I am, I think. (from the Moody Blues
'Days of Future Past')
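
An added example, not part of the original thread: a pre-flight check for the combined key-plus-certificate file that the recipe above produces, run before smtpd_tls_cert_file and smtpd_tls_key_file are pointed at it. The function names are hypothetical, and the last check assumes the openssl command is installed.

```shell
#!/bin/sh
# Added example (not from the thread): sanity-check a combined PEM file
# such as smtpd.pem before Postfix is configured to use it.

# Succeeds if FILE holds exactly one unencrypted private key
# and at least one certificate.
pem_has_key_and_cert() {
    keys=$(grep -Ec -e '^-----BEGIN (RSA |EC )?PRIVATE KEY-----$' "$1" || true)
    certs=$(grep -c -e '^-----BEGIN CERTIFICATE-----$' "$1" || true)
    [ "$keys" -eq 1 ] && [ "$certs" -ge 1 ]
}

# Succeeds if FILE has no group/other permission bits. The key was
# written with -nodes, so file permissions are its only protection.
pem_is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Succeeds if the private key and the first certificate in FILE
# carry the same public key (requires openssl).
pem_key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$1" -pubout) || return 1
    [ "$cert_pub" = "$key_pub" ]
}

# Runs all three checks; the return code identifies the first failure.
check_smtpd_pem() {
    pem_has_key_and_cert "$1" || { echo "missing key or cert: $1" >&2; return 1; }
    pem_is_private "$1" || { echo "group/other can access: $1" >&2; return 2; }
    pem_key_matches_cert "$1" || { echo "key does not match cert: $1" >&2; return 3; }
}

# Usage: sh check_pem.sh /etc/postfix/smtpd.pem
if [ $# -eq 1 ]; then
    check_smtpd_pem "$1" && echo "ok: $1"
fi
```

Because the recipe writes to a file created by mktemp, the result is mode 0600 and passes the permission check unless the file is later copied or its mode changed.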