On Aug 5, 2013, at 07:12, Yishen Miao <mys72...@gmail.com> wrote:

> I'm trying to re-use my SSL certificate for Apache on postfix which is 
> encrypted. It would be convenient if postfix can support that.
> 
> Also, an encrypted private key that is read-only for root sounds more secure 
> than a plain one in the worse problem scenarios. :-p

Do not top-post, please.

As for the certificate, I assume that you are talking about a private 
key with a password? Have a look at the OpenSSL documentation, there's 
probably a way to export/convert your password-protected private key to 
one that does not require a password to be entered.

Also, 'sounds more secure' is pretty much the only benefit you would 
get from Postfix support for such private keys. Because if someone can 
read your private key, they have root privileges, and they could just 
replace your certificate completely. In other words, it only sounds 
more secure, but isn't in practice.

Mvg,
Joni

--

> On Aug 4, 2013, at 9:54 PM, wie...@porcupine.org (Wietse Venema) wrote:
> 
>> Yishen Miao:
>>> Hello world,
>>> 
>>> I was configuring my postfix server for TLS support today and found
>>> out that Postfix does not support encrypted private keys.
>>> 
>>> I wonder, is there any plan about adding such a feature to postfix?
>> 
>> There are no such plans. If random people can read a private key
>> file that is read-only for root, then you have worse problems than
>> email security.
>> 
>>      Wietse
> 
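
The conversion suggested in the reply above, as an added example that is not part of any of the posts: it uses `openssl pkey` to write a passphrase-free copy of the key readable only by its owner, then confirms the copy is the same key. All file names and the passphrase are constructed for the demonstration.

```shell
#!/bin/sh
# Added example; file names and the passphrase are constructed.

# Print the SHA-256 of the public key derived from private key file $1.
# $2 (optional) is a file whose first line is the passphrase.
key_fingerprint() {
    if [ -n "${2:-}" ]; then
        openssl pkey -in "$1" -passin "file:$2" -pubout -outform DER
    else
        openssl pkey -in "$1" -pubout -outform DER
    fi | openssl dgst -sha256 -r | cut -d' ' -f1
}

# strip_passphrase SRC PASSFILE DST
# Writes an unencrypted copy of SRC to DST with mode 0600.
strip_passphrase() {
    src=$1 passfile=$2 dst=$3
    (
        umask 077    # a newly created DST is never group/world readable
        openssl pkey -in "$src" -passin "file:$passfile" -out "$dst"
    ) || { rm -f "$dst"; return 1; }
    chmod 600 "$dst"    # umask does not fix a pre-existing file
    # Reject the result if it is still encrypted or is a different key.
    if grep -q ENCRYPTED "$dst"; then return 1; fi
    [ "$(key_fingerprint "$src" "$passfile")" = "$(key_fingerprint "$dst")" ]
}

# Self-contained run on a throwaway key generated in a temp directory.
demo() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' 'constructed-passphrase' > "$dir/pass"
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -aes-256-cbc -pass "file:$dir/pass" \
        -out "$dir/encrypted.key" 2>/dev/null || return 1
    strip_passphrase "$dir/encrypted.key" "$dir/pass" "$dir/plain.key"
    rc=$?
    [ "$rc" -eq 0 ] && echo "plain key written: $(ls -l "$dir/plain.key" | cut -c1-10)"
    rm -rf "$dir"
    return "$rc"
}

demo
```

The passphrase is passed through a file rather than `pass:` on the command line so it does not appear in the process list.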
