Generate the private key and certificate signing request, as described in Chapter 24. The
best location for these files is in /etc/ssl/private/. Here's an example:
# cd /etc/exim4
# openssl genrsa -out mail.key 1024
# chmod 640 mail.key
# openssl req -new -key mail.key -out mail.csr
# chown root:Debian-exim mail.key
5. Get your CSR (Certificate Signing Request) signed and place the certificate in /etc/
mail/private/mail.crt. Or, to use a self-signed certificate, do the following:
# cd /etc/exim4
# openssl req -new -x509 -nodes -sha1 \
-days 365 -key mail.key -out mail.crt
# chmod 640 mail.crt
# chown root:Debian-exim mail.crt
Some remote servers will refuse to send messages to your server if your certificate is not
signed by a CA that they recognize. Also, make sure the common name (cn) attribute
on your certificate matches the name of the server in DNS.
6. Concatenate the private key and certificate into a single file for Courier:
# cd /etc/courier
# cat /etc/exim4/mail.key /etc/exim4/mail.crt > mail.pem
# chmod 600 mail.pem
7. Enable SSL/TLS in the Courier IMAP and POP daemons by editing both /etc/
courier/imapd-ssl and /etc/courier/pop3d-ssl, and by replacing the values
for TLS_CERTFILE and TLS_TRUSTCERTS with the following:
TLS_CERTFILE=/etc/courier/mail.
Pages:
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
1253
1254
1255
1256
1257
1258
1259
1260
1261
1262
1263