Hello
All,
I'm using SMTP-AUTH
with TLS wrapper with Self Signed Certificate on my system.
I want users to be
able to install certificate on their computer (on OE or another mail-client) and
not press "Yes" on the nag screen on every login.
How can I do it so
client certificate only contain the public portion of the certificate (so it is
secure to publish this certificate on the net)?
Background
Info:
This is how I've
created certificates:
# openssl req -new
-x509 -sha1 -extensions v3_ca -nodes -days 999 -out cert.pem
# ls
. .. cert.pem privkey.pem
# cat privkey.pem cert.pem > /etc/ssl/certs/cert.pem
# mv -f privkey.pem /etc/ssl/certs/skey.pem
# chown cyrus:mail /etc/ssl/certs/cert.pem
# chmod 600 /etc/ssl/certs/cert.pem
. .. cert.pem privkey.pem
# cat privkey.pem cert.pem > /etc/ssl/certs/cert.pem
# mv -f privkey.pem /etc/ssl/certs/skey.pem
# chown cyrus:mail /etc/ssl/certs/cert.pem
# chmod 600 /etc/ssl/certs/cert.pem
In my imapd.conf
I've added:
tls_cert_file:
/etc/ssl/certs/cert.pem
tls_key_file: /etc/ssl/certs/cert.pem
tls_ca_file: /etc/ssl/certs/cert.pem
tls_ca_path: /etc/ssl/certs
tls_key_file: /etc/ssl/certs/cert.pem
tls_ca_file: /etc/ssl/certs/cert.pem
tls_ca_path: /etc/ssl/certs
Best
Regards,
Leon
Kolchinsky
---- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html