Date: Wed, 06 May 2015 12:39:22 -0500 From: Noel <noeldude@gmail.com> To: Ernie Luzar <luzar722@gmail.com> Cc: freebsd-questions@freebsd.org Subject: Re: postfix with TLS Message-ID: <554A51CA.6020601@gmail.com> In-Reply-To: <554A1D43.1080600@gmail.com> References: <5546444B.2060002@gmail.com> <55464916.9030305@FreeBSD.org> <55464FC2.70709@gmail.com> <55466590.2090607@FreeBSD.org> <55492DDB.2020501@gmail.com> <554951AB.7010802@gmail.com> <554A1D43.1080600@gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 5/6/2015 8:55 AM, Ernie Luzar wrote: > Thank you noel for your help so far. That quick-start=20 > instructions are all most useless because they don't make sense > and reference a script which is not available. Sorry, those instructions assume a certain level of experience. > First of all the "Self-signed server certificate" section says this > "In the examples below, user input is shown in bold font, and a > "#" prompt indicates a super-user shell." > But there is no bold font, just blue links and I can only guess > that what there trying to say about ""#" prompt indicates a > super-user shell" > is a indirect way of saying this. > > Copy the code shown in the "Self-signed server certificate" > section and paste it in a newly created blank file. > Insert "#! /bin/sh" as the first line of the file and remove all > the "#" > Save and exec. Yes, that should work OK, and then you're done. Make sure you've set your hostname in the postfix main.cf file prior to executing this, since the script relies on that information being correct. The comment about bold font refers to the Private Certificate Authority section further down. > As I read the quick-start instructions is see that the first part > of the instructions in the "Private Certification Authority" > section is > based on a perl script called CA.pl. I have perl installed and the > locate command does not find it. CA.pl is part of openssl. For some reason I'm not aware of, FreeBSD doesn't include that script. But you don't really need it unless you want to set up a private CA. The only reason you might want a private CA is if you intend to issue your own certificates to clients to use for certificate-based authentication. This isn't common; almost everyone uses SASL passwords or client IP for authentication rather than certificates. If you need to set up a private CA, either install the openssl from ports, or just grab the CA.pl script from somewhere on the internet. More likely you can just skip that section. > Upon closer re-reading of the quick-start instructions it almost > seems that what is shown under the "Self-signed server > certificate" section > is an newer and quicker method of accomplishing what is shown in > the "Private Certification Authority" section. You do one or the > other but not both. Not newer, but simpler and quicker since it skips the private CA part that few folks need. The instructions could be clearer about that. -- Noel Jones
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?554A51CA.6020601>