Apple OS X Server User Manual


 
Chapter 11 Working With Mail Service 119
Setting Up SSL for Mail Service
Mail service requires some configuration to provide Secure Sockets Layer (SSL)
connections automatically. The basic steps are as follows:
Generate a Certificate Signing Request (CSR) and create a keychain.
Obtain an SSL certificate from an issuing authority.
Import the SSL certificate into the keychain.
Create a passphrase file.
Generating a CSR and Creating a Keychain
To begin configuring Mail service for SSL connections, you generate a CSR and create a
keychain by using the command-line tool certtool. A CSR is a file that provides
information needed to issue an SSL certificate.
1 Log in to the server as root.
2 In the Terminal application, type the following two commands:
$ cd /private/var/root/Library/Keychains/
$ /usr/bin/certtool r csr.txt k=certkc c
This use of the certtool command begins an interactive process that generates a
Certificate Signing Request (CSR) in the file csr.txt and creates a keychain named certkc.
3 In the New Keychain Passphrase dialog that appears, enter a passphrase or password
for the keychain you’re creating, enter the password or passphrase a second time to
verify it, and click OK.
Remember this passphrase, because later you must supply it again.
4 When “Enter key and certificate label:” appears in the Terminal window, type a
one-word key, a blank space, and a one-word certificate label, then press Return.
For example, you could type your organization’s name as the key and mailservice as
the certificate label.
5 Type r when prompted to select a key algorithm, then press Return.
Please specify parameters for the key pair you will generate.
r RSA
d DSA
f FEE
Select key algorithm by letter:
6 Type a key size at the next prompt, then press Return.
Valid key sizes for RSA are 512..2048; default is 512
Enter key size in bits or CR for default:
Larger key sizes are more secure, but require more processing time on your server. Key
sizes smaller than 1024 aren’t accepted by some certificate-issuing authorities.
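Before sending csr.txt to an issuing authority, you can confirm the key size the request actually carries. The following is an added example, not part of the original manual: a dependency-free Python check that reads the RSA modulus size from a PKCS#10 request. It assumes certtool wrote the request in PEM or DER form; the function names and the constructed sample request are illustrative.

```python
import base64
import re

RSA_OID = bytes.fromhex("2a864886f70d010101")  # 1.2.840.113549.1.1.1 (rsaEncryption)
MIN_BITS = 1024  # size below which, per the text, some authorities reject the key

def tlv(tag, body):  # DER-encode one element (only used to build the constructed sample)
    n = len(body)
    size = (n.bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + body

def children(buf):
    """Split a DER byte string into its top-level (tag, value) elements."""
    out, pos = [], 0
    while pos < len(buf):
        tag, length, pos = buf[pos], buf[pos + 1], pos + 2
        if length & 0x80:  # long form: low 7 bits give the number of length octets
            n = length & 0x7F
            length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
        if pos + length > len(buf):
            raise ValueError("truncated DER element")
        out.append((tag, buf[pos:pos + length]))
        pos += length
    return out

def csr_rsa_bits(data):
    """Return the RSA modulus size in bits of a PEM or DER PKCS#10 request."""
    m = re.search(rb"-----BEGIN [A-Z ]*REQUEST-----(.+?)-----END", data, re.S)
    der = base64.b64decode(m.group(1)) if m else data
    info = children(children(der)[0][1])[0][1]   # CertificationRequestInfo
    spki = children(info)[2][1]                  # version, subject, SubjectPublicKeyInfo
    (_, alg), (_, bitstring) = children(spki)
    if children(alg)[0][1] != RSA_OID:
        raise ValueError("not an RSA key")
    rsa_key = children(bitstring[1:])[0][1]      # skip the unused-bits octet
    return int.from_bytes(children(rsa_key)[0][1], "big").bit_length()

def constructed_csr(bits):  # constructed, unsigned PEM skeleton with a dummy modulus
    modulus = ((1 << (bits - 1)) | 1).to_bytes(bits // 8 + 1, "big")
    rsa_key = tlv(0x30, tlv(0x02, modulus) + tlv(0x02, b"\x01\x00\x01"))
    spki = tlv(0x30, tlv(0x30, tlv(0x06, RSA_OID) + tlv(0x05, b"")) + tlv(0x03, b"\x00" + rsa_key))
    info = tlv(0x30, tlv(0x02, b"\x00") + tlv(0x30, b"") + spki + tlv(0xA0, b""))
    der = tlv(0x30, info + tlv(0x30, b"") + tlv(0x03, b"\x00"))
    return b"-----BEGIN CERTIFICATE REQUEST-----\n" + base64.encodebytes(der) + b"-----END CERTIFICATE REQUEST-----\n"

if __name__ == "__main__":
    for bits in (512, 1024, 2048):  # sizes within the range certtool's prompt offers
        size = csr_rsa_bits(constructed_csr(bits))
        print(size, "ok" if size >= MIN_BITS else "below 1024: some authorities will not accept it")
```

To check a real request, pass the bytes of csr.txt to csr_rsa_bits() and compare the result with MIN_BITS.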
LL2354.book Page 119 Monday, October 20, 2003 9:47 AM