On 12/10/18 6:46 AM, Marco Fioretti wrote:
> Hello Viktor, and all.
>
> This is only a partial answer to Viktor's last email:
>
> On Mon, 10 Dec 2018 at 13:56, Viktor Dukhovni <postfix-us...@dukhovni.org> wrote:
>
> > > -r--------. 1 root root 3546 Dec 7 11:59 fullchain1.pem
> > > -rw-r--r--. 1 root root 1704 Dec 7 11:59 privkey1.pem
> >
> > This looks rather odd. You're keeping your public certificate chain protected, but making the keys world-readable???
>
> The setting of privkey to 644 comes from one of Alice's answers (I may have misinterpreted it, of course, but that is where it comes from).

If I suggested 644 for private, I mis-typed (happens).

644 is what I use for cert
400 is what I use for private

-- 
For signature trust anchor (paranoid only need worry 'bout this):
https://ca.pipfrosch.com/pipfrosch-cacert-pem.crt
Webmail clients, sorry, out of luck, you can't import it. Get an actual e-mail app.
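
A check for the permission mix-up discussed in this thread, added here as an example and not code from any poster: it identifies private keys by their PEM header rather than by file name and flags any that carry group or other permission bits. The function names and the sample directory with placeholder file contents are constructed for illustration.

```python
import os
import re
import stat
import tempfile

# Matches "-----BEGIN PRIVATE KEY-----", "-----BEGIN RSA PRIVATE KEY-----", etc.
PRIVATE_KEY_RE = re.compile(rb"-----BEGIN (?:[A-Z0-9]+ )*PRIVATE KEY-----")


def audit_pem_dir(directory):
    """Return {filename: (octal_mode, verdict)} for every regular file in directory."""
    report = {}
    for name in sorted(os.listdir(directory)):
        path = os.path.join(directory, name)
        st = os.lstat(path)
        if not stat.S_ISREG(st.st_mode):
            continue  # skip symlinks and subdirectories; audit their targets instead
        mode = stat.S_IMODE(st.st_mode)
        with open(path, "rb") as fh:
            holds_key = PRIVATE_KEY_RE.search(fh.read()) is not None
        if holds_key and mode & (stat.S_IRWXG | stat.S_IRWXO):
            verdict = "FAIL: private key accessible to group/other"
        elif holds_key:
            verdict = "ok: private key restricted to owner"
        else:
            verdict = "ok: no private key material"
        report[name] = (format(mode, "03o"), verdict)
    return report


def build_sample_dir():
    """Constructed sample: modes mirror the quoted listing, contents are placeholders."""
    d = tempfile.mkdtemp()
    cert = b"-----BEGIN CERTIFICATE-----\nplaceholder\n-----END CERTIFICATE-----\n"
    key = b"-----BEGIN PRIVATE KEY-----\nplaceholder\n-----END PRIVATE KEY-----\n"
    samples = {
        "fullchain1.pem": (cert, 0o400),     # as in the listing: cert locked down
        "privkey1.pem": (key, 0o644),        # as in the listing: key world-readable
        "privkey-fixed.pem": (key, 0o400),   # the mode Alice says she uses for keys
    }
    for name, (body, mode) in samples.items():
        path = os.path.join(d, name)
        with open(path, "wb") as fh:
            fh.write(body)
        os.chmod(path, mode)
    return d


if __name__ == "__main__":
    for name, (mode, verdict) in audit_pem_dir(build_sample_dir()).items():
        print(f"{mode} {name}: {verdict}")
```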