主页 / server / 问题 / 797873
Accepted
abr_stackoverflow
Asked: 2016-08-20 02:39:06 +0800 CST

为什么 exim 从同一个文件中读取证书和密钥?

  • 772

我通过将这些字符串添加到01_exim4-config_listmacrosdefs. 我使用拆分配置

MAIN_TLS_ENABLE = yes
MAIN_TLS_CERTKEY = /etc/exim4/example.com.crt
MAIN_TLS_PRIVATEKEY = /etc/exim4/example.com.key

所以重新启动后,连接到端口 465,输入EHLOSTARTTLS我得到了这个:454 TLS currently unavailable

在日志中我有这个:

13:29:36 10872 SMTP<< STARTTLS
13:29:36 10872 initialising GnuTLS as a server
13:29:36 10872 GnuTLS global init required.
13:29:36 10872 initialising GnuTLS server session
13:29:36 10872 Expanding various TLS configuration options for session credentials.
13:29:36 10872 certificate file = /etc/exim4/example.com.crt
13:29:36 10872 key file = /etc/exim4/example.com.crt
13:29:36 10872 LOG: MAIN
13:29:36 10872   TLS error on connection from (192.168.1.111) [91.210.44.50] (cert/key setup: cert=/etc/exim4/example.com.crt key=/etc/exim4/example.com.crt): Error in parsing.

为什么 exim 对证书和密钥使用相同的文件?怎么修?

ubuntu ssl configuration exim

2 个回答

  1. Best Answer

    我应该使用MAIN_TLS_CERTIFICATE而不是MAIN_TLS_CERTKEY.

    • 4

  2. @chicks 如果服务器故障允许我,我会投票。

    仍然吸引人(即两年后的我)。

    从技术上讲,conf.d/main/03_exim4-config_tlsoptions如果您在同一个文件中拥有证书和密钥,则使用MAIN_TLS_CERTKEY. 这是不好的做法,但允许。

    #   MAIN_TLS_CERTIFICATE - path to certificate file,
#                          CONFDIR/exim.crt if unset
#   MAIN_TLS_PRIVATEKEY  - path to private key file
#                          CONFDIR/exim.key if unset
# You can also configure exim to look for certificate and key in the
# same file, set MAIN_TLS_CERTKEY to that file to enable. This takes
# precedence over all other settings regarding certificate and key file.

    我掩饰了这一点,直接进入了ifdef陈述。其中第一个是:

    .ifdef MAIN_TLS_CERTKEY

    我完全错过了这.else部分:

    .ifdef MAIN_TLS_CERTKEY
tls_certificate = MAIN_TLS_CERTKEY
.else
.ifndef MAIN_TLS_CERTIFICATE
MAIN_TLS_CERTIFICATE = CONFDIR/exim.crt
.endif
tls_certificate = MAIN_TLS_CERTIFICATE

    TL;DR:是的,设置MAIN_TLS_CERTIFICATE而不是MAIN_TLS_CERTKEY.

    • 1

相关问题