Monday, 10 September 2012

use TLS for secure communication

You can use the CA created in "configure a certificate authority (CA) and sign certificate requests" to sign the certificate requests generated below.

Postfix

Create the SSL directory
#mkdir /etc/postfix/ssl
##cd /etc/postfix/ssl

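Create the Key and Request. Note that -nodes writes the private key unencrypted, so restrict it to root (chmod 400, as in the Sendmail section below). The key is written as client.example.com.key, while the postconf settings further down expect mail.example.com.key; use one name consistently.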
#openssl req -new -nodes -keyout client.example.com.key -out mail.example.com.csr

Sign the Request
#cp mail.example.com.csr /etc/pki/tls/misc/newreq.pem
#cd /etc/pki/tls/misc/
#./CA.pl -sign

Copy cert to SSL dir
#cp  newcert.pem /etc/postfix/ssl/mail.example.com.crt

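Copy the cacert into the Postfix SSL directory. The relative ssl/ target below only resolves to /etc/postfix/ssl when the current directory is /etc/postfix; after the cd to /etc/pki/tls/misc/ above, use the full path /etc/postfix/ssl/ instead.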
#cp /etc/pki/CA/cacert.pem ssl/

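Use postconf to configure TLS settings. Note that smtpd_use_tls = yes only offers STARTTLS to connecting clients (opportunistic TLS) and does not require them to use encryption; newer Postfix releases express the same thing as smtpd_tls_security_level = may.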
#postconf -e "smtpd_use_tls = yes"
#postconf -e "smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem"
#postconf -e "smtpd_tls_cert_file = /etc/postfix/ssl/mail.example.com.crt"
#postconf -e "smtpd_tls_key_file = /etc/postfix/ssl/mail.example.com.key"

Restart postfix
#service postfix restart

Sendmail


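Install sendmail-mc (on RHEL/CentOS the m4 configuration files normally ship in the sendmail-cf package; check the package name if sendmail-mc is not found)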
#yum install sendmail-mc -y

Create the SSL directory
#mkdir /etc/mail/ssl
##cd /etc/mail/ssl

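Create the Key and Request (the key is written as client.example.com.key; name it mail.example.com.key here if the chmod step below is to find it)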
#openssl req -new -nodes -keyout client.example.com.key -out mail.example.com.csr

Update permissions on the key file so only its owner can read it; -nodes left the private key unencrypted on disk
#chmod 400 mail.example.com.key

Sign the Request
#cp mail.example.com.csr /etc/pki/tls/misc/newreq.pem
#cd /etc/pki/tls/misc/
#./CA.pl -sign

Copy cert to SSL dir
#cp  newcert.pem /etc/mail/ssl/mail.example.com.crt

Update sendmail config
#cd /etc/mail

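Edit sendmail.mc and add the following. The defines below name auth1.example.com.crt and auth1.example.com.key, while the steps above created mail.example.com.crt; adjust the paths so they point at the certificate and key files actually present in /etc/mail/ssl.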


define(`confCACERT_PATH', `/etc/mail/ssl')dnl
define(`confCACERT', `/etc/pki/CA/cacert.pem')dnl
define(`confSERVER_CERT', `/etc/mail/ssl/auth1.example.com.crt')dnl
define(`confSERVER_KEY', `/etc/mail/ssl/auth1.example.com.key')dnl

Update sendmail
#make -C .

Restart sendmail
#service sendmail restart

