On 2019-12-10 積丹尼 Dan Jacobson <[email protected]> wrote:
> We read there
> To avoid the (small) performance issue one can locally create
>
> Not only a (small) performance issue, but a source of warnings. You need
> to mention one will get warnings without doing this step.

Will do.

> certificates. The exim-gencert script (which requires openssl) can be
> helpful for this purpose. It is shipped in
> /usr/share/doc/exim4-base/examples/ and takes care of proper access
> privileges on the private key file when installing key/certificate in
> /etc/exim4/.
>
> OK, but the user doesn't know what to fill in for e.g.,
> commonName = Server name (eg. ssl.domain.tld; required!!!)
> commonName_max = 64

If they have a stable they will know. If they do not, there is no
correct response.

> Also apparently when one sees the warning, it means exim "has run the
> script for him" and "run once each time one sends a message" thus
> causing the aforementioned small performance issue, vs. running it once
> per computer's lifetime.
>
> So apparently, as far as exim connecting to one's ISP, the view from the
> ISP is entirely the same.

The ISP will never see the snakeoil certificate. This is really only about
the server side, exim *receiving* messages by SMTP.

[...]
> Thus for users on their own personal computers, perhaps add a note to
> README, that the warnings can safely be ignored.

Ok.

cu Andreas
-- 
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'

