From: Victor Duchovni (Victor.Duchovnimorganstanley.com)
Date: Fri May 23 2008 - 09:07:30 CDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, May 23, 2008 at 02:17:16PM +0100, elaconta.com Webmaster wrote:

> Hi
>
> I've just had an SSL certificate installed on our webserver, and i'm
> wondering if we can use the same certificate to encrypt TLS connections
> to Postfix (our Postfix has TLS support compiled in).
>
> I've heard that a password protect SSL certificate (as is the case)
> can't be used with Postfix, is this true? Or do we just have to key in
> the certificate password each time Postfix starts? I would have no
> problems with that.

        # umask 077
        # openssl rsa \
                -in /some/where/key-aes.pem \
                -out /etc/postfix/key-noaes.pem

There is no point encrypting private keys if the passphrase is then stored
on the host that needs the key so that non-interactive applications can
use the key. The only available protection is the file permissions on
the key.

--
        Viktor.

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.

To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:
<mailto:majordomopostfix.org?body=unsubscribe%20postfix-users>

If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]