I generated a CSR
/opt/lib/openssl/bin/openssl req -new -nodes -out req.pem -keyout
/var/qmail/control/certificados/smtp/cert.pem ==> req.pem & cert.pem
cat req.pem ==> and I sent to verising
verising singed me and sent it to me. (cert.signed)
cat cert.signed >> `head -1 var/qmail/control/certificados/smtp/cert.pem`
So I have a signed (trial) certificate in
/var/qmail/control/certificados/smtp/cert.pem with RSA PRIVATE KEY and
CERTIFICATE
Ok, but... I continued to have problems.
When I try to send one message with mail client (Outlook Express) I display a
notice that says the certificate is not safe... Again!!!!
(Inside the CSR, in common name I have put hostname server).
What am I doing wrong?
Regards.
Carlos.
Murcia (Spain)
----- Original Message -----
From: West
To: Carlos García Gómez
Cc: [email protected]
Sent: Wednesday, October 15, 2008 10:08 PM
Subject: Re: Qmail Ldap & TLS
- One certificate by mail server.
- Use a PKI (openca,newpki,openssl,verisign...) after just need to provide
the public certificate
2008/10/15 Carlos García Gómez <[EMAIL PROTECTED]>
Hi,
Qmail - LDAP works fine with TLS and I think It's very easy to configure
with SMTPAUTH="TLSREQUIRED" variable, but...
Should I create a certificate for the server, or one for every mail domain
that I have?
How can I sign my own certificate? Now, when some users tries to send a
messages it displays a notice that says the certificate is not safe...
My architecture is a hardware balancer with two servers qmail-ldap (mx1 and
mx2) Is it necessary to create a single certificate common? or by Host name?
Thanks.
Carlos.
