13,420
edits
Changes
no edit summary
cp vm2.andrewsmith.org.crt cacert.pem /etc/ssl/certs/</source>
::'''NOTE:''' Those commands will create a certificate, a certificate signing request, a certificate authority, and a sign your certificate with your certificate authority. Same as in the real world except there you would contact a real CA, here you're making up your own.
<ol><li value="2">Now, configure Postfix to use the generated certificate, by adding the following to your '''main.cf''' file:</li></ol>
[[Image:SMTP-certificate-warning.png]]
::'''NOTE:''' Your message may look slightly different (This author, that created the diagram above, made a little mistake when generating the certificate).
<ol><li value="3">After you confirm that security exception, send another email to yourself and make sure you receive it.</li><li> Notice that from the user's point of view nothing is different. But if you were an evildoer trying to steal an identity (the difference is huge). Before it was trivial and now it's computationally prohibitive.</li></ol>
cp vm3.andrewsmith.org.crt cacert.pem /etc/ssl/certs/</source>
::'''NOTE:''' This process is identical to what you've done for the vm2 certificate. In fact if your IMAP and SMTP servers are on the same machine (i.e. you can share the certificate between them). In our case, they are not on the same machine.
<ol><li value="2">Next, we need to configure Dovecot to use this for encrypted connections and not allow any kind of plain text connections. Edit the '''10-auth.conf''' <u>and</u> '''10-ssl.conf''' files and change the following settings:</li></ol>
#Next, reconfigure your account settings in Thunderbird to use SSL/TLS connection security with your IMAP server.
::'''NOTE:''' You will get a warning because you're using a self-signed certificate, in that case, make certain to authorize the exception.
'''Record steps, commands, and your observations in INVESTIGATION 1 in your OPS335 lab log-book'''
