Viktor Dukhovni:
> > People who want a more compact recipe for a self-signed cert on
> > a single SMTP server can use my "one-liner" (for machines whose
> > hostname is an FQDN):
...
> With the "-nodes" option in most cases:
>
>     $ tmp=$(mktemp smtpd.pem.XXXXXX) &&
>         openssl req -new \
>             -newkey rsa:1280 -nodes -keyout /dev/stdout \
>             -x509 -days $((365 * 10)) -subj "/CN=$(uname -n)" >> "$tmp" &&
>         mv "$tmp" smtpd.pem

And with accompanying configuration:

/etc/postfix/main.cf:
    smtpd_tls_cert_file = /etc/postfix/smtpd.pem
    smtpd_tls_key_file = /etc/postfix/smtpd.pem
    smtpd_tls_security_level = may

which leaves smtpd_tls_CAfile at its default empty value. Correct?

I'm combining fragments from email postings with some additional
narrative, so that the result becomes usable for a tutorial section
in TLS_README.

        Wietse
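
A check for the combined key-plus-certificate file before main.cf points both smtpd_tls_cert_file and smtpd_tls_key_file at it. This is an added example, not part of the posting above or of Postfix; check_combined_pem is a hypothetical helper name, and the key/certificate comparison runs only where openssl is installed.

```shell
# Added example; check_combined_pem is a hypothetical helper name.
# Returns 0 when FILE looks usable as both smtpd_tls_cert_file and
# smtpd_tls_key_file; each failure has its own non-zero status.
check_combined_pem() {
    f=$1
    [ -f "$f" ] || { echo "missing: $f" >&2; return 1; }

    # "-nodes" leaves the key unencrypted, so group/other must have no access.
    mode=$(ls -ld "$f" | cut -c5-10)
    [ "$mode" = "------" ] || { echo "$f: group/other access" >&2; return 2; }

    # An encrypted key is not what "-nodes" produces; flag it explicitly.
    if grep -q -e '^Proc-Type: 4,ENCRYPTED' \
               -e '^-----BEGIN ENCRYPTED PRIVATE KEY-----$' "$f"; then
        echo "$f: private key is encrypted" >&2; return 3
    fi

    # Exactly one private key block and one certificate block.
    keys=$(grep -c -e '^-----BEGIN \(RSA \)\{0,1\}PRIVATE KEY-----$' "$f" || true)
    certs=$(grep -c -e '^-----BEGIN CERTIFICATE-----$' "$f" || true)
    [ "$keys" -eq 1 ] || { echo "$f: $keys private keys" >&2; return 4; }
    [ "$certs" -eq 1 ] || { echo "$f: $certs certificates" >&2; return 5; }

    # When openssl is installed, confirm the key belongs to the certificate
    # by comparing the public key derived from each.
    if command -v openssl >/dev/null 2>&1; then
        kpub=$(openssl pkey -in "$f" -pubout 2>/dev/null || true)
        cpub=$(openssl x509 -in "$f" -noout -pubkey 2>/dev/null || true)
        if [ -z "$kpub" ] || [ "$kpub" != "$cpub" ]; then
            echo "$f: key does not match certificate" >&2; return 6
        fi
    fi
    return 0
}
```

Call it as `check_combined_pem /etc/postfix/smtpd.pem` and inspect the exit status; the reason for a failure goes to stderr.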