Apple Mac OS X Server Network Card User Manual


 
Chapter 12 Working with the Mail Service
Setting Up SSL for Mail Service
Mail service requires some configuration to provide Secure Sockets Layer (SSL)
connections automatically. The basic steps are as follows:
• Generate a Certificate Signing Request (CSR) and create a keychain.
• Obtain an SSL certificate from an issuing authority.
• Import the SSL certificate into the keychain.
• Create a password file.
Generating a CSR and Creating a Keychain
To begin configuring mail service for SSL connections, you generate a CSR and create a
keychain by using the certtool tool. A CSR is a file that provides information needed
to issue an SSL certificate.
1 Log in to the server as root.
2 In the Terminal application, enter the following two commands:
$ cd /private/var/root/Library/Keychains/
$ /usr/bin/certtool r csr.txt k=certkc c
This use of the certtool tool begins an interactive process that generates a CSR in the
file csr.txt and creates a keychain named certkc.
3 In the New Keychain Passphrase dialog that appears, enter a password for the keychain
you’re creating, enter the password a second time to verify it, and click OK.
Remember this password, because later you must supply it again.
4 When “Enter key and certificate label:” appears in the Terminal window, enter a one-
word key, a blank space, and a one-word certificate label, and then press Return.
For example, you could enter your organization’s name as the key and mailservice as
the certificate label.
5 Enter r when prompted to select a key algorithm, and then press Return.
Please specify parameters for the key pair you will generate.
r RSA
d DSA
f FEE
Select key algorithm by letter:
6 Enter a key size at the next prompt, and then press Return.
Valid key sizes for RSA are 512..2048; default is 512
Enter key size in bits or CR for default:
Larger key sizes are more secure, but require more processing time on your server. Key
sizes smaller than 1024 aren’t accepted by some certificate-issuing authorities.
7 Enter y when prompted to confirm the algorithm and key size, and then press Return.
You have selected algorithm RSA, key size (size entered above) bits.
OK (y/anything)?
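The key size chosen in step 6 can be confirmed in the finished request before it goes to an issuing authority. The following is an added example, not part of the original manual: it assumes csr.txt is PEM-encoded, and the function names and the constructed, unsigned sample request are illustrative.

```python
import base64

RSA_OID = bytes.fromhex("2a864886f70d010101")  # rsaEncryption, 1.2.840.113549.1.1.1

def read_tlv(buf, pos=0):
    """Return (tag, content, next_pos) for the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the count of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def children(content):
    """Split the content of a constructed element into (tag, content) pairs."""
    out, pos = [], 0
    while pos < len(content):
        tag, body, pos = read_tlv(content, pos)
        out.append((tag, body))
    return out

def csr_rsa_bits(pem_text):
    """Bit length of the RSA modulus in a PEM-encoded PKCS#10 request."""
    b64 = "".join(l for l in pem_text.splitlines() if not l.startswith("-----"))
    _, request, _ = read_tlv(base64.b64decode(b64))
    info = children(request)[0][1]             # CertificationRequestInfo
    alg, key = children(children(info)[2][1])  # version, subject, subjectPKInfo
    if RSA_OID not in alg[1]:
        raise ValueError("not an RSA key")
    _, rsa_key, _ = read_tlv(key[1][1:])       # skip the BIT STRING unused-bits byte
    return int.from_bytes(children(rsa_key)[0][1], "big").bit_length()

def der(tag, body):
    """Encode one DER element (used only to build the constructed sample)."""
    n = len(body)
    size = (n.bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + body

def sample_csr(bits):
    """Constructed, unsigned CSR-shaped sample; the modulus is not a real key."""
    modulus = der(0x02, b"\x00" + ((1 << (bits - 1)) | 1).to_bytes(bits // 8, "big"))
    rsa_key = der(0x30, modulus + der(0x02, b"\x01\x00\x01"))
    spki = der(0x30, der(0x30, der(0x06, RSA_OID) + der(0x05, b"")) + der(0x03, b"\x00" + rsa_key))
    info = der(0x30, der(0x02, b"\x00") + der(0x30, b"") + spki + der(0xA0, b""))
    body = base64.encodebytes(der(0x30, info + der(0x30, b"") + der(0x03, b"\x00"))).decode()
    return "-----BEGIN CERTIFICATE REQUEST-----\n" + body + "-----END CERTIFICATE REQUEST-----\n"

if __name__ == "__main__":
    for bits in (512, 1024, 2048):  # the default size and two larger choices
        size = csr_rsa_bits(sample_csr(bits))
        print(size, "ok" if size >= 1024 else "below 1024: some issuing authorities reject it")
```

To check a real request, pass the text of csr.txt to csr_rsa_bits in place of the constructed sample.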