Ubuntu

Why does exim read the certificate and key from the same file?

  • January 19, 2019

I added these strings to 01_exim4-config_listmacrosdefs (I use the split configuration):

MAIN_TLS_ENABLE = yes
MAIN_TLS_CERTKEY = /etc/exim4/example.com.crt
MAIN_TLS_PRIVATEKEY = /etc/exim4/example.com.key

So after restarting, connecting to port 465 and entering EHLO and STARTTLS, I got this: 454 TLS currently unavailable

In the log I have this:

13:29:36 10872 SMTP<< STARTTLS
13:29:36 10872 initialising GnuTLS as a server
13:29:36 10872 GnuTLS global init required.
13:29:36 10872 initialising GnuTLS server session
13:29:36 10872 Expanding various TLS configuration options for session credentials.
13:29:36 10872 certificate file = /etc/exim4/example.com.crt
13:29:36 10872 key file = /etc/exim4/example.com.crt
13:29:36 10872 LOG: MAIN
13:29:36 10872   TLS error on connection from (192.168.1.111) [91.210.44.50] (cert/key setup: cert=/etc/exim4/example.com.crt key=/etc/exim4/example.com.crt): Error in parsing.

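Why does exim use the same file for the certificate and the key? How do I fix it?

I should have used MAIN_TLS_CERTIFICATE instead of MAIN_TLS_CERTKEY.

@chicks I would vote if Server Fault allowed me to.

Still catching people (i.e. me, two years later).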

Technically, conf.d/main/03_exim4-config_tlsoptions does say to use MAIN_TLS_CERTKEY if you have the certificate and key in the same file. This is bad practice, but allowed.

#   MAIN_TLS_CERTIFICATE - path to certificate file,
#                          CONFDIR/exim.crt if unset
#   MAIN_TLS_PRIVATEKEY  - path to private key file
#                          CONFDIR/exim.key if unset
# You can also configure exim to look for certificate and key in the
# same file, set MAIN_TLS_CERTKEY to that file to enable. This takes
# precedence over all other settings regarding certificate and key file.

I glossed over this and went straight to the ifdef statements. The first of them is:

.ifdef MAIN_TLS_CERTKEY

I completely missed the .else part:

.ifdef MAIN_TLS_CERTKEY
tls_certificate = MAIN_TLS_CERTKEY
.else
.ifndef MAIN_TLS_CERTIFICATE
MAIN_TLS_CERTIFICATE = CONFDIR/exim.crt
.endif
tls_certificate = MAIN_TLS_CERTIFICATE

TL;DR: Yes, set MAIN_TLS_CERTIFICATE instead of MAIN_TLS_CERTKEY.
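An added example, not part of the original question or answers: a small Python check that mirrors the .ifdef precedence quoted above and flags the misconfiguration from the question before exim is restarted. The function names, the CONFDIR value /etc/exim4 and the sample file contents are assumptions constructed for illustration.

```python
import re

# Assumption: CONFDIR is /etc/exim4, matching the paths used in the question.
CONFDIR = "/etc/exim4"
MACRO = re.compile(r"^\s*(MAIN_TLS_\w+)\s*=\s*(\S.*?)\s*$")
PEM_KEY = re.compile(r"-----BEGIN (?:[A-Z]+ )?PRIVATE KEY-----")

def parse_macros(text):
    """Collect MAIN_TLS_* macro definitions; '#' comment lines never match."""
    macros = {}
    for line in text.splitlines():
        m = MACRO.match(line)
        if m:
            macros.setdefault(m.group(1), m.group(2))
    return macros

def effective_tls_files(macros):
    """Return (certificate, key) paths; MAIN_TLS_CERTKEY overrides both."""
    if "MAIN_TLS_CERTKEY" in macros:
        return macros["MAIN_TLS_CERTKEY"], macros["MAIN_TLS_CERTKEY"]
    return (macros.get("MAIN_TLS_CERTIFICATE", CONFDIR + "/exim.crt"),
            macros.get("MAIN_TLS_PRIVATEKEY", CONFDIR + "/exim.key"))

def lint(macros, read_file):
    """Return findings; read_file(path) -> str lets the check run on samples."""
    findings = []
    if "MAIN_TLS_CERTKEY" not in macros:
        return findings
    cert, _ = effective_tls_files(macros)
    ignored = [n for n in ("MAIN_TLS_CERTIFICATE", "MAIN_TLS_PRIVATEKEY")
               if n in macros]
    if ignored:
        findings.append("ignored because MAIN_TLS_CERTKEY is set: "
                        + ", ".join(ignored))
    if not PEM_KEY.search(read_file(cert)):
        findings.append(cert + " holds no private key; use MAIN_TLS_CERTIFICATE")
    return findings

# Constructed sample input: the macros from the question, placeholder PEM files.
SAMPLE_MACROS = """\
MAIN_TLS_ENABLE = yes
MAIN_TLS_CERTKEY = /etc/exim4/example.com.crt
MAIN_TLS_PRIVATEKEY = /etc/exim4/example.com.key
"""
SAMPLE_FILES = {
    "/etc/exim4/example.com.crt": "-----BEGIN CERTIFICATE-----\n(placeholder)\n",
    "/etc/exim4/example.com.key": "-----BEGIN PRIVATE KEY-----\n(placeholder)\n",
}

if __name__ == "__main__":
    for finding in lint(parse_macros(SAMPLE_MACROS), SAMPLE_FILES.__getitem__):
        print("WARNING:", finding)
```

On a real host, pass the contents of the macro definitions file to parse_macros and a function that reads files from disk as read_file.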

Quoted from: https://serverfault.com/questions/797873