docs/diploma

changeset 179:7596cdcfbc1e

tutorial how to use stunnel
author meillo@marmaro.de
date Sat, 27 Dec 2008 18:47:23 +0100
parents b426a663d5f0
children d75bd7a72d8b
files docs/openssl-stunnel.txt
diffstat 1 files changed, 75 insertions(+), 0 deletions(-) [+]
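--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/docs/openssl-stunnel.txt	Sat Dec 27 18:47:23 2008 +0100
@@ -0,0 +1,75 @@
+
+ch /usr/share/ssl/misc
+
+create new CA:
+\begin{verbatim}
+	CA.pl -newca
+		country: DE
+		state: schwaben
+		city: Ulm
+		company:
+		section:
+		name:
+		emailaddress:
+\end{verbatim}
+
+generate ssl key:
+\begin{verbatim}
+	CA.pl -newreq
+		... the same questions
+\end{verbatim}
+
+sign request with CA:
+\begin{verbatim}
+	CA.pl -sign
+\end{verbatim}
+
+remove passphrase from private key:
+\begin{verbatim}
+	openssl rsa <newreq.pem >key.pem
+	(to be used by programs automaticly)
+\end{verbatim}
+
+secure:
+\begin{verbatim}
+	chmod 400 *.pem
+	cp newcert.pem /etc/postfix/cert.pem
+	cp key.pem /etc/postfix/key.pem
+	cp demoCA/cacert.pem /etc/postfix/CAcert.pem
+	chmode 400 /etc/postfix/*.pem
+
+	mkdir /etc/stunnel
+	cat newcert.pem key.pem >/etc/stunnel/stunnel.pem
+	chmod 400 /etc/stunnel/stunnel.pem
+	(check /etc/stunnel with `stunnel -V')
+\end{verbatim}
+
+
+set up stunnels for POP, etc:
+\begin{verbatim}
+	nmap localhost
+	stunnel -d pop3s -r localhost:pop3 -p /etc/stunnel/stunnel.pem
+	stunnel -d imaps -r localhost:imap -p /etc/stunnel/stunnel.pem
+	nmap localhost
+		pop3s 995
+		imaps 993
+\end{verbatim}
+
+do not use stunnel wit SMTP:
+because all incoming mail would be from 127.0.0.1 !!
+use STARTTLS instead
+
+postfix: main.cf
+\begin{verbatim}
+	smtpd_use_tls = yes
+	smtpd_tls_received_header = no (does not log in received headers)
+
+	smtpd_tls_key_file = /etc/postfix/key.pem
+	smtpd_tls_cert_file = /etc/postfix/cert.pem
+	smtpd_tls_CA_file = /etc/postfix/CAcert.pem
+
+	smtp_use_tls = yes  (use TLS for sending)
+	smtp_tls_key_file = /etc/postfix/key.pem
+	smtp_tls_cert_file = /etc/postfix/cert.pem
+	smtp_tls_CA_file = /etc/postfix/CAcert.pem
+\end{verbatim}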
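Review bot: The passphrase-free private key is created by shell redirection in two places, `openssl rsa <newreq.pem >key.pem` and `cat newcert.pem key.pem >/etc/stunnel/stunnel.pem`, so each file gets the default umask permissions and is only restricted by a later `chmod 400`. With a typical umask the unencrypted key is readable by other local users in between, and it stays readable if the procedure is interrupted; I would make `umask 077` the first command of the procedure. In the "secure" block, `chmode 400 /etc/postfix/*.pem` is not a command and will fail, so it should presumably read `chmod 400 /etc/postfix/*.pem`. The first line, `ch /usr/share/ssl/misc`, looks like it was meant to be `cd /usr/share/ssl/misc`. The parenthetical remarks inside the main.cf listing, such as `(use TLS for sending)`, would be clearer as `#` comment lines on their own, because a reader who pastes the listing verbatim would get them as part of the parameter value.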