
Re: TLS with Encrypted Private Key

  • DTNX Postmaster
    Message 1 of 5 , Aug 5, 2013
      On Aug 5, 2013, at 07:12, Yishen Miao <mys721tx@...> wrote:

      > I'm trying to re-use my SSL certificate for Apache on postfix which is encrypted. It would be convenient if postfix can support that.
      >
      > Also, an encrypted private key that is read-only for root sounds more secure than a plain one in the worse problem scenarios. :-p

      Do not top-post, please.

      As for the certificate, I assume that you are talking about a private
      key with a password? Have a look at the OpenSSL documentation, there's
      probably a way to export/convert your password-protected private key to
      one that does not require a password to be entered.

      Also, 'sounds more secure' is pretty much the only benefit you would
      get from Postfix support for such private keys. Because if someone can
      read your private key, they have root privileges, and they could just
      replace your certificate completely. In other words, it only sounds
      more secure, but isn't in practice.

      Mvg,
      Joni

      --

      > On Aug 4, 2013, at 9:54 PM, wietse@... (Wietse Venema) wrote:
      >
      >> Yishen Miao:
      >>> Hello world,
      >>>
      >>> I was configuring my postfix server for TLS support today and found
      >>> out that Postfix does not support encrypted private keys.
      >>>
      >>> I wonder whether there is any plan to add such a feature to postfix?
      >>
      >> There are no such plans. If random people can read a private key
      >> file that is read-only for root, then you have worse problems than
      >> email security.
      >>
      >> Wietse
      >
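
The conversion suggested in the reply above, as an added example that is not part of the original thread: it uses `openssl pkey` to write a passphrase-free copy of the key with owner-only permissions and checks that both files hold the same key. The function names, file paths and passphrase are constructed for illustration.

```shell
#!/bin/sh
# Added example: remove the passphrase from a PEM private key so a daemon that
# cannot prompt (such as Postfix) can load it. All names here are constructed.

# is_encrypted PEM: true if the file is a passphrase-protected PEM key
# (PKCS#8 "ENCRYPTED PRIVATE KEY" or traditional "Proc-Type: 4,ENCRYPTED").
is_encrypted() {
    grep -Eq 'BEGIN ENCRYPTED PRIVATE KEY|Proc-Type: 4,ENCRYPTED' "$1"
}

# decrypt_key ENC_PEM PLAIN_PEM PASSFILE: write an unencrypted, owner-only copy.
decrypt_key() {
    enc=$1 plain=$2 passfile=$3 tmp=$2.tmp
    # umask 077 in a subshell: the output is created 0600 from the start.
    ( umask 077
      openssl pkey -in "$enc" -passin "file:$passfile" -out "$tmp" 2>/dev/null
    ) || { rm -f "$tmp"; return 1; }
    # Both files must yield the same public key; the copy must need no passphrase.
    want=$(openssl pkey -in "$enc" -passin "file:$passfile" -pubout 2>/dev/null)
    got=$(openssl pkey -in "$tmp" -passin pass: -pubout 2>/dev/null)
    if [ -z "$want" ] || [ "$want" != "$got" ] || is_encrypted "$tmp"; then
        rm -f "$tmp"; return 1
    fi
    mv "$tmp" "$plain"
}

# make_sample_key DIR: constructed test input, an AES-256 encrypted RSA key.
make_sample_key() {
    printf '%s\n' 'constructed-passphrase' > "$1/pass"
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -aes-256-cbc -pass "file:$1/pass" -out "$1/enc.pem" 2>/dev/null
}

# When run as a script with three arguments, convert the named key.
if [ "$#" -eq 3 ]; then decrypt_key "$1" "$2" "$3"; fi
```

The passphrase is read from a file rather than the command line so it does not appear in the process list; remove that file once the conversion is done.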