On Sun, Apr 16, 2023 at 03:07:38AM +0300, Oleksandr via Postfix-users wrote:
> Yes, it looks like this :-)
> But I was hoping that it would be enough to make corrections in the main.cf
> and master.cf, and Postfix friendship with the camera would be restored.
It isn't actually Postfix performing the server side of the TLS
handshake, it is actually OpenSSL and it is the camera that decices to
hang up.
> Unfortunately, I will not be able to implement the Steps 1-3 proposed
> by you, because my knowledge is not enough for this.
Just step 1 should be easy, replace your server certificate with a
2048-bit self-signed certificate. 4096-bit RSA certificates are
pointless.
> Thefore apparently, me will have to use plain text, although it's not safe :-(
Any particular reason you can't replace the key and certificate with a
more reasonable 2048-bit pair?
$ dnsname=mailserver.mail.lan
$ rm certkey.pem
$ openssl req -new -nodes -newkey rsa:2048 -keyout /dev/stdout \
-config <(
printf 'distinguished_name=dn\n[dn]\nprompt=yes\n'
) -x509 -subj / -days 3653 \
-addext "basicConstraints = critical,CA:FALSE" \
-addext "extendedKeyUsage = serverAuth" \
-addext "subjectAltName = DNS:$dnsname" >> certkey.pem
(On Linux systems make sure to use ">>" not ">" to redirect the output).
--
Viktor.
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
