Enhancement #43
closed
Postfix TLS rework
70%
Description
Due tu chrooting ?
Needs to re-gather CA certs for known entities (RtpNet, T1R, ...) and recheck this.
Updated by Marc Dequènes over 13 years ago
- Status changed from In Progress to New
- % Done changed from 10 to 0
- Security set to No
Updated by Marc Dequènes over 13 years ago
- Tracker changed from Bug to Enhancement
- Subject changed from Postfix TLS problems: registered certs not accepted correctly to Postfix TLS rework
Updated by Marc Dequènes over 13 years ago
- Status changed from New to In Progress
- Assignee set to Marc Dequènes
- % Done changed from 0 to 10
Updated TLS configuration on Orfeo to use the one-file PEM generated by ca-certificates (see #184). Only trusted certificates are added to the list now, so this won't cause any problem.
I added the DC and MP domains to verification (verify mode), so we need to watch and ensure it works well. Later we should try turning it to secure mode.
We should also add TLS support to Toushirou when the configuration details are validated on Orfeo.
Updated by Marc Dequènes over 13 years ago
- % Done changed from 40 to 70
Fixed Orfeo not using the right certificate.
Added TLS support for Toushirou, but had a strange problem where a trusted connection is well made with mx1 but Toushirou wants to send to mx0.hivane.net for an unknown reason. As Hivane does not provide TLS, we may have to lower the security level temporarily. I'll ask them about this feature.
Updated by Marc Dequènes almost 9 years ago
- Status changed from In Progress to Rejected
We are using TLSA from now on, so there is no need to care about this anymore.