
view docs/openssl-stunnel.txt @ 409:ca763bd8c809

Added tag final version which I handed in for changeset ee7211546c02
author meillo@marmaro.de
date Wed, 11 Feb 2009 08:55:32 +0100
parents 7596cdcfbc1e
children
2 cd /usr/share/ssl/misc
4 create new CA:
5 \begin{verbatim}
6 CA.pl -newca
7 country: DE
8 state: schwaben
9 city: Ulm
10 company:
11 section:
12 name:
13 emailaddress:
14 \end{verbatim}
16 generate ssl key:
17 \begin{verbatim}
18 CA.pl -newreq
19 ... the same questions
20 \end{verbatim}
22 sign request with CA:
23 \begin{verbatim}
24 CA.pl -sign
25 \end{verbatim}
27 remove passphrase from private key:
28 \begin{verbatim}
29 openssl rsa <newreq.pem >key.pem
30 (to be used by programs automatically; the key is then stored unencrypted, so file permissions are its only protection)
31 \end{verbatim}
33 secure:
34 \begin{verbatim}
35 chmod 400 *.pem
36 cp newcert.pem /etc/postfix/cert.pem
37 cp key.pem /etc/postfix/key.pem
38 cp demoCA/cacert.pem /etc/postfix/CAcert.pem
39 chmod 400 /etc/postfix/*.pem
41 mkdir /etc/stunnel
42 cat newcert.pem key.pem >/etc/stunnel/stunnel.pem
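43 chmod 400 /etc/stunnel/stunnel.pem (set `umask 077' before the cat; under the usual default umask the key file is readable by others until this chmod runs)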
44 (check /etc/stunnel with `stunnel -V')
45 \end{verbatim}
48 set up stunnels for POP, etc:
49 \begin{verbatim}
50 nmap localhost
51 stunnel -d pop3s -r localhost:pop3 -p /etc/stunnel/stunnel.pem
52 stunnel -d imaps -r localhost:imap -p /etc/stunnel/stunnel.pem
53 nmap localhost
54 pop3s 995
55 imaps 993
56 \end{verbatim}
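58 do not use stunnel with SMTP:
59 because the MTA would see all incoming mail as coming from 127.0.0.1 !! (so checks based on the client address, e.g. relaying rules that trust localhost, no longer work)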
60 use STARTTLS instead
62 postfix: main.cf
63 \begin{verbatim}
64 smtpd_use_tls = yes
65 smtpd_tls_received_header = no (does not log in received headers)
67 smtpd_tls_key_file = /etc/postfix/key.pem
68 smtpd_tls_cert_file = /etc/postfix/cert.pem
69 smtpd_tls_CA_file = /etc/postfix/CAcert.pem
71 smtp_use_tls = yes (use TLS for sending)
72 smtp_tls_key_file = /etc/postfix/key.pem
73 smtp_tls_cert_file = /etc/postfix/cert.pem
74 smtp_tls_CA_file = /etc/postfix/CAcert.pem
75 \end{verbatim}
81 stunnel:
82 $ stunnel -f -p stunnel.pem -l /path/to/smtpd