# HG changeset patch
# User meillo@marmaro.de
# Date 1230400043 -3600
# Node ID 7596cdcfbc1ee37c99724d231a260a899ebdd836
# Parent b426a663d5f06ec9f6c2e794c45bd638c64fc5ac
tutorial how to use stunnel
diff -r b426a663d5f0 -r 7596cdcfbc1e docs/openssl-stunnel.txt
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/docs/openssl-stunnel.txt Sat Dec 27 18:47:23 2008 +0100
@@ -0,0 +1,75 @@
+
+ch /usr/share/ssl/misc
+
+create new CA:
+\begin{verbatim}
+ CA.pl -newca
+ country: DE
+ state: schwaben
+ city: Ulm
+ company:
+ section:
+ name:
+ emailaddress:
+\end{verbatim}
+
+generate ssl key:
+\begin{verbatim}
+ CA.pl -newreq
+ ... the same questions
+\end{verbatim}
+
+sign request with CA:
+\begin{verbatim}
+ CA.pl -sign
+\end{verbatim}
+
+remove passphrase from private key:
+\begin{verbatim}
+ openssl rsa key.pem
+ (to be used by programs automaticly)
+\end{verbatim}
+
+secure:
+\begin{verbatim}
+ chmod 400 *.pem
+ cp newcert.pem /etc/postfix/cert.pem
+ cp key.pem /etc/postfix/key.pem
+ cp demoCA/cacert.pem /etc/postfix/CAcert.pem
+ chmode 400 /etc/postfix/*.pem
+
+ mkdir /etc/stunnel
+ cat newcert.pem key.pem >/etc/stunnel/stunnel.pem
+ chmod 400 /etc/stunnel/stunnel.pem
+ (check /etc/stunnel with `stunnel -V')
+\end{verbatim}
+
+
+set up stunnels for POP, etc:
+\begin{verbatim}
+ nmap localhost
+ stunnel -d pop3s -r localhost:pop3 -p /etc/stunnel/stunnel.pem
+ stunnel -d imaps -r localhost:imap -p /etc/stunnel/stunnel.pem
+ nmap localhost
+ pop3s 995
+ imaps 993
+\end{verbatim}
+
+do not use stunnel wit SMTP:
+because all incoming mail would be from 127.0.0.1 !!
+use STARTTLS instead
+
+postfix: main.cf
+\begin{verbatim}
+ smtpd_use_tls = yes
+ smtpd_tls_received_header = no (does not log in received headers)
+
+ smtpd_tls_key_file = /etc/postfix/key.pem
+ smtpd_tls_cert_file = /etc/postfix/cert.pem
+ smtpd_tls_CA_file = /etc/postfix/CAcert.pem
+
+ smtp_use_tls = yes (use TLS for sending)
+ smtp_tls_key_file = /etc/postfix/key.pem
+ smtp_tls_cert_file = /etc/postfix/cert.pem
+ smtp_tls_CA_file = /etc/postfix/CAcert.pem
+\end{verbatim}