Ubuntu
Why does exim read the certificate and key from the same file?
I added these strings to 01_exim4-config_listmacrosdefs (I use the split configuration):

    MAIN_TLS_ENABLE = yes
    MAIN_TLS_CERTKEY = /etc/exim4/example.com.crt
    MAIN_TLS_PRIVATEKEY = /etc/exim4/example.com.key
So after restarting, connecting to port 465, and entering EHLO and STARTTLS, I got this:

    454 TLS currently unavailable
In the log I have this:

    13:29:36 10872 SMTP<< STARTTLS
    13:29:36 10872 initialising GnuTLS as a server
    13:29:36 10872 GnuTLS global init required.
    13:29:36 10872 initialising GnuTLS server session
    13:29:36 10872 Expanding various TLS configuration options for session credentials.
    13:29:36 10872 certificate file = /etc/exim4/example.com.crt
    13:29:36 10872 key file = /etc/exim4/example.com.crt
    13:29:36 10872 LOG: MAIN
    13:29:36 10872 TLS error on connection from (192.168.1.111) [91.210.44.50] (cert/key setup: cert=/etc/exim4/example.com.crt key=/etc/exim4/example.com.crt): Error in parsing.
Why does exim use the same file for the certificate and the key? How do I fix it?
I should use MAIN_TLS_CERTIFICATE instead of MAIN_TLS_CERTKEY.
@chicks I would vote if Server Fault allowed me to.
Still catching people out (i.e. me, two years later).
Technically, per conf.d/main/03_exim4-config_tlsoptions, MAIN_TLS_CERTKEY is used if you have the certificate and key in the same file. This is bad practice, but allowed.

    # MAIN_TLS_CERTIFICATE - path to certificate file,
    #                        CONFDIR/exim.crt if unset
    # MAIN_TLS_PRIVATEKEY  - path to private key file
    #                        CONFDIR/exim.key if unset
    # You can also configure exim to look for certificate and key in the
    # same file, set MAIN_TLS_CERTKEY to that file to enable. This takes
    # precedence over all other settings regarding certificate and key file.
I glossed over this and went straight to the ifdef statements. The first of these is:

    .ifdef MAIN_TLS_CERTKEY

I completely missed the .else part:

    .ifdef MAIN_TLS_CERTKEY
    tls_certificate = MAIN_TLS_CERTKEY
    .else
    .ifndef MAIN_TLS_CERTIFICATE
    MAIN_TLS_CERTIFICATE = CONFDIR/exim.crt
    .endif
    tls_certificate = MAIN_TLS_CERTIFICATE
TL;DR: Yes, set MAIN_TLS_CERTIFICATE instead of MAIN_TLS_CERTKEY.
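
As an added example (not part of the original posts and not Debian's own code), this script mirrors the precedence shown in the quoted 03_exim4-config_tlsoptions excerpt and in the log: it reports which files a macro file resolves to and flags a MAIN_TLS_PRIVATEKEY that MAIN_TLS_CERTKEY overrides. The function names and the /etc/exim4 default for CONFDIR are assumptions.

```shell
#!/bin/sh
# Added example: which files will Exim load, given Debian's TLS macros?

# Constructed sample input: the macro lines from the question.
sample_macros() {
    cat <<'EOF'
MAIN_TLS_ENABLE = yes
MAIN_TLS_CERTKEY = /etc/exim4/example.com.crt
MAIN_TLS_PRIVATEKEY = /etc/exim4/example.com.key
EOF
}

# macro_value FILE NAME: print the last value assigned to NAME (nothing if unset).
macro_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*\$/\1/p" "$1" | tail -n 1
}

# resolve_tls_files FILE [CONFDIR]: print "cert=<path> key=<path>".
# CONFDIR defaults to /etc/exim4 (assumption).
resolve_tls_files() {
    confdir=${2:-/etc/exim4}
    certkey=$(macro_value "$1" MAIN_TLS_CERTKEY)
    if [ -n "$certkey" ]; then
        # MAIN_TLS_CERTKEY takes precedence: certificate and key both come from
        # this one file, which is why the log shows the .crt path for the key.
        echo "cert=$certkey key=$certkey"
        return 0
    fi
    cert=$(macro_value "$1" MAIN_TLS_CERTIFICATE)
    key=$(macro_value "$1" MAIN_TLS_PRIVATEKEY)
    echo "cert=${cert:-$confdir/exim.crt} key=${key:-$confdir/exim.key}"
}

# check_macros FILE: return 1 if MAIN_TLS_PRIVATEKEY is set but will be ignored.
check_macros() {
    if [ -n "$(macro_value "$1" MAIN_TLS_CERTKEY)" ] &&
       [ -n "$(macro_value "$1" MAIN_TLS_PRIVATEKEY)" ]; then
        echo "MAIN_TLS_PRIVATEKEY is ignored because MAIN_TLS_CERTKEY is set" >&2
        return 1
    fi
    return 0
}

# Demo on the constructed sample.
demo_file=$(mktemp)
sample_macros > "$demo_file"
resolve_tls_files "$demo_file"
check_macros "$demo_file" || true
rm -f "$demo_file"
```
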