cpet/freebsd-ports
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Expand on the existing documentation regarding TLS and certificates,

Browse Source 
adding information important to operators of SMTP services used
by a number of Windows (and probably Unix) MUA packages.

This text has been approved by the author and will be included in
the next release of exim-4.  Another release of exim-3.3x is not
expected.

This change is based on an explanation of SSL certificates attributed
below, but was not a direct submission.  Errors are my own, etc.

Submitted by:	terry
Message-Id:	<3C3F3A93.C1ECF9B0@mindspring.com>
This commit is contained in:
Sheldon Hearn 2002-01-15 15:58:59 +00:00
parent baa2010112
commit 1fc4705744
Notes: svn2git 2021-03-31 03:12:20 +00:00 
svn path=/head/; revision=53123
6 changed files with 132 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
mail/exim-devel/files/patch-..::exim-texinfo-3.30::doc::spec.texinfo Normal file
View File

@ -0,0 +1,22 @@
--- ../exim-texinfo-3.951/doc/spec.texinfo.orig Tue Jun 12 12:20:49 2001
+++ ../exim-texinfo-3.951/doc/spec.texinfo Tue Jan 15 17:19:46 2002
@@ -20785,6 +20785,19 @@
may be adequate for all your requirements if you are mainly interested in
encrypting transfers, and not in secure identification.
+However, many clients require that the certificate presented by Exim be a user
+(also called "leaf" or "site") certificate, and not a self-signed certificate.
+In this case, the self-signed certificate described above must be installed on
+the client host as a trusted root certification authority and the certificate
+used by Exim must be a user certificate signed with that self-signed
+certificate.
+
+For information on creating self-signed CA certificates and using them to sign
+user certificates, see the "General implementation overview" chapter of the
+Open-source PKI Book, available online at:
+
+http://ospkibook.sourceforge.net/
+

22
mail/exim-devel/files/patch-doc::spec.txt Normal file
View File

@ -0,0 +1,22 @@
--- doc/spec.txt.orig Wed Dec 19 13:50:32 2001
+++ doc/spec.txt Tue Jan 15 15:52:05 2002
@@ -14403,6 +14403,19 @@
be adequate for all your requirements if you are mainly interested in
encrypting transfers, and not in secure identification.
+However, many clients require that the certificate presented by Exim be a user
+(also called "leaf" or "site") certificate, and not a self-signed certificate.
+In this case, the self-signed certificate described above must be installed on
+the client host as a trusted root certification authority and the certificate
+used by Exim must be a user certificate signed with that self-signed
+certificate.
+
+For information on creating self-signed CA certificates and using them to sign
+user certificates, see the "General implementation overview" chapter of the
+Open-source PKI Book, available online at:
+
+ http://ospkibook.sourceforge.net/
+
39. CUSTOMIZING ERROR AND WARNING MESSAGES

22
mail/exim-old/files/patch-..::exim-texinfo-3.30::doc::spec.texinfo Normal file
View File

@ -0,0 +1,22 @@
--- ../exim-texinfo-3.30/doc/spec.texinfo.orig Tue Jun 12 12:20:49 2001
+++ ../exim-texinfo-3.30/doc/spec.texinfo Tue Jan 15 17:19:46 2002
@@ -20785,6 +20785,19 @@
may be adequate for all your requirements if you are mainly interested in
encrypting transfers, and not in secure identification.
+However, many clients require that the certificate presented by Exim be a user
+(also called "leaf" or "site") certificate, and not a self-signed certificate.
+In this case, the self-signed certificate described above must be installed on
+the client host as a trusted root certification authority and the certificate
+used by Exim must be a user certificate signed with that self-signed
+certificate.
+
+For information on creating self-signed CA certificates and using them to sign
+user certificates, see the "General implementation overview" chapter of the
+Open-source PKI Book, available online at:
+
+http://ospkibook.sourceforge.net/
+

22
mail/exim-old/files/patch-doc::spec.txt Normal file
View File

@ -0,0 +1,22 @@
--- doc/spec.txt.orig Wed Dec 19 13:50:32 2001
+++ doc/spec.txt Tue Jan 15 15:52:05 2002
@@ -14403,6 +14403,19 @@
be adequate for all your requirements if you are mainly interested in
encrypting transfers, and not in secure identification.
+However, many clients require that the certificate presented by Exim be a user
+(also called "leaf" or "site") certificate, and not a self-signed certificate.
+In this case, the self-signed certificate described above must be installed on
+the client host as a trusted root certification authority and the certificate
+used by Exim must be a user certificate signed with that self-signed
+certificate.
+
+For information on creating self-signed CA certificates and using them to sign
+user certificates, see the "General implementation overview" chapter of the
+Open-source PKI Book, available online at:
+
+ http://ospkibook.sourceforge.net/
+
39. CUSTOMIZING ERROR AND WARNING MESSAGES

22
mail/exim/files/patch-..::exim-texinfo-3.30::doc::spec.texinfo Normal file
View File

@ -0,0 +1,22 @@
--- ../exim-texinfo-3.30/doc/spec.texinfo.orig Tue Jun 12 12:20:49 2001
+++ ../exim-texinfo-3.30/doc/spec.texinfo Tue Jan 15 17:19:46 2002
@@ -20785,6 +20785,19 @@
may be adequate for all your requirements if you are mainly interested in
encrypting transfers, and not in secure identification.
+However, many clients require that the certificate presented by Exim be a user
+(also called "leaf" or "site") certificate, and not a self-signed certificate.
+In this case, the self-signed certificate described above must be installed on
+the client host as a trusted root certification authority and the certificate
+used by Exim must be a user certificate signed with that self-signed
+certificate.
+
+For information on creating self-signed CA certificates and using them to sign
+user certificates, see the "General implementation overview" chapter of the
+Open-source PKI Book, available online at:
+
+http://ospkibook.sourceforge.net/
+

22
mail/exim/files/patch-doc::spec.txt Normal file
View File

@ -0,0 +1,22 @@
--- doc/spec.txt.orig Wed Dec 19 13:50:32 2001
+++ doc/spec.txt Tue Jan 15 15:52:05 2002
@@ -14403,6 +14403,19 @@
be adequate for all your requirements if you are mainly interested in
encrypting transfers, and not in secure identification.
+However, many clients require that the certificate presented by Exim be a user
+(also called "leaf" or "site") certificate, and not a self-signed certificate.
+In this case, the self-signed certificate described above must be installed on
+the client host as a trusted root certification authority and the certificate
+used by Exim must be a user certificate signed with that self-signed
+certificate.
+
+For information on creating self-signed CA certificates and using them to sign
+user certificates, see the "General implementation overview" chapter of the
+Open-source PKI Book, available online at:
+
+ http://ospkibook.sourceforge.net/
+
39. CUSTOMIZING ERROR AND WARNING MESSAGES