Differences

This shows you the differences between two versions of the page.

--- postfix:how_to_make_ssl_key [2012/05/15 17:21]
188.143.232.12 xBPpNadbbE
+++ postfix:how_to_make_ssl_key [2012/05/16 12:01] (current)
a old revision restored
@@ Line 1: / Line 1: @@
-Yes, SSH is very safe!And I am quite aware of how alternate ports for the sshd.Most of the time this guide is like rnnvieet the wheel.  I did not do the tunneling due to security issues in ssh but to pass through tightly secured proxies and firewalls. On larger companies, security department usually only allow internet traffic on http and https (ssl) through a forward proxy.Then you have two ways to go.1. Tunnel ssh over http; Then you must cope with all strange hacks a forward proxy might do. Adding headers etc.2. Or do some tricks over https proxy connect with ssl, one could be my solution above.
+mkdir /etc/postfix/ssl \\
+cd /etc/postfix/ssl/ \\
+#openssl genrsa -des3 -rand /etc/hosts -out smtpd.key 1024\\
+openssl genrsa  -rand /vmlinuz -out smtpd.key 1536\\
+chmod 600 smtpd.key \\
+openssl req -new -key smtpd.key -out smtpd.csr \\
+openssl x509 -req -days 3650 -in smtpd.csr -signkey smtpd.key -out smtpd.pem \\
+openssl rsa -in smtpd.key -out smtpd.key.unencrypted \\
+mv -f smtpd.key.unencrypted smtpd.key \\
+openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650 \\
+\\
+\\
+smtpd_tls_cert_file=/etc/ssl/certs/smtpd.crt\\
+smtpd_tls_key_file=/etc/ssl/private/smtpd.key