※Sending with a self-signed certificate.
※Using Postfix.
Create the SSL certificate directory
mkdir /etc/postfix/ssl/SERVER
Modify the CA issuing script
cp /usr/lib/ssl/misc/CA.sh /etc/postfix/ssl/
vi /etc/postfix/ssl/CA.sh
if [ -z "$DAYS" ] ; then DAYS="-days 36500" ; fi # 100 years
CADAYS="-days 36500" # 100 years
if [ -z "$CATOP" ] ; then CATOP=/etc/postfix/ssl/CA ; fi
Modify the openssl configuration file
cp -pi /etc/ssl/openssl.cnf /etc/ssl/openssl.cnf.org
vi /etc/ssl/openssl.cnf
※Change the path in two places
[ CA_default ]
dir = /etc/postfix/ssl/CA
[ tsa_config1 ]
dir = /etc/postfix/ssl/CA
Create the CA
Create the CA private key
sh /etc/postfix/ssl/CA.sh -newca
※Enter the passphrase for cakey.pem
※Enter the Subject information
Country Name (2 letter code) [AU]:JP
State or Province Name (full name) [Some-State]:Fukuoka
Locality Name (eg, city) []:Fukuoka-shi
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Alterbooth Inc.
Organizational Unit Name (eg, section) []:TechRoom
Common Name (eg, YOUR name) []:FQDN
Email Address []:not required
Create the CA certificate
openssl req -new -x509 -keyout /etc/postfix/ssl/CA/private/cakey.pem -out /etc/postfix/ssl/CA/cacert.pem -days 36500
Create the server certificate
Create the private key
openssl genrsa -rand rand.dat -des3 2048 > /etc/postfix/ssl/SERVER/FQDN.key.pem
Remove the passphrase from the key
openssl rsa -in /etc/postfix/ssl/SERVER/FQDN.key.pem -out /etc/postfix/ssl/SERVER/FQDN.key.pem
Create the certificate signing request (CSR)
openssl req -new -days 36500 -key /etc/postfix/ssl/SERVER/FQDN.key.pem -out /etc/postfix/ssl/SERVER/FQDN.csr.pem
Enter the Subject information
Country Name (2 letter code) [AU]:JP
State or Province Name (full name) [Some-State]:Fukuoka
Locality Name (eg, city) []:Fukuoka-shi
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Alterbooth Inc.
Organizational Unit Name (eg, section) []:TechRoom
Common Name (eg, YOUR name) []:FQDN
Email Address []:not required
Create the certificate
openssl ca -in /etc/postfix/ssl/SERVER/FQDN.csr.pem -keyfile /etc/postfix/ssl/CA/private/cakey.pem -cert /etc/postfix/ssl/CA/cacert.pem -out /etc/postfix/ssl/SERVER/FQDN.crt.pem
Change the Postfix settings
Edit main.cf
vi /etc/postfix/main.cf
Add the following
#-------------------------------------#
# TLS
#-------------------------------------#
smtp_tls_session_cache_database = btree:/var/lib/postfix/smtp_tls_session_cache
smtp_tls_security_level = may
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
smtpd_tls_CAfile = /etc/postfix/ssl/CA/cacert.pem
smtpd_tls_cert_file = /etc/postfix/ssl/SERVER/FQDN.crt.pem
smtpd_tls_key_file = /etc/postfix/ssl/SERVER/FQDN.key.pem
smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_tls_session_cache
smtpd_tls_security_level = may
smtp_tls_loglevel = 2
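Before restarting Postfix it is worth confirming that the three files named by smtpd_tls_CAfile, smtpd_tls_cert_file and smtpd_tls_key_file actually belong together. The script below is an added example, not part of the original page: check_tls_files verifies that the key is unencrypted, matches the certificate, and that the certificate chains to the private CA; make_demo_pki builds a throwaway CA and server certificate non-interactively (using -subj and openssl x509 -req in place of the interactive prompts and openssl ca above) so the check can be exercised without touching the real files. It assumes the openssl command-line tool is installed; the function names and demo subject values are this example's own.

```shell
#!/bin/sh
# Added example, not part of the original page: sanity-check the CA cert,
# server cert and key before Postfix is pointed at them. Requires the
# openssl CLI; function names and the demo subjects are this example's own.

# check_tls_files CA_CERT SERVER_CERT SERVER_KEY
# Returns 0 only if the key is unencrypted (Postfix cannot enter a
# passphrase at startup), the key matches the certificate, and the
# certificate verifies against the private CA.
check_tls_files() {
  ca="$1"; crt="$2"; key="$3"
  # Both traditional PEM ("Proc-Type: 4,ENCRYPTED") and PKCS#8
  # ("BEGIN ENCRYPTED PRIVATE KEY") carry this marker when encrypted.
  if grep -q 'ENCRYPTED' "$key"; then
    echo "FAIL: $key is still passphrase-protected"; return 1
  fi
  # Compare the public key inside the cert with the one derived from the key.
  crt_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null)
  key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
  if [ -z "$crt_pub" ] || [ "$crt_pub" != "$key_pub" ]; then
    echo "FAIL: $key does not match $crt"; return 1
  fi
  # Does the server certificate chain to our own CA?
  if ! openssl verify -CAfile "$ca" "$crt" >/dev/null 2>&1; then
    echo "FAIL: $crt does not verify against $ca"; return 1
  fi
  echo "OK: $crt, $key and $ca are consistent"
}

# make_demo_pki DIR: build a throwaway CA and server cert non-interactively,
# mirroring the steps above (-subj replaces the interactive Subject prompts;
# "openssl x509 -req" stands in for "openssl ca"). Constructed test data only.
make_demo_pki() {
  d="$1"; mkdir -p "$d"
  openssl req -x509 -newkey rsa:2048 -nodes -days 36500 \
    -keyout "$d/cakey.pem" -out "$d/cacert.pem" \
    -subj "/C=JP/ST=Fukuoka/O=Demo/CN=Demo Root CA" >/dev/null 2>&1
  openssl req -new -newkey rsa:2048 -nodes \
    -keyout "$d/server.key.pem" -out "$d/server.csr.pem" \
    -subj "/C=JP/ST=Fukuoka/O=Demo/CN=mail.example.test" >/dev/null 2>&1
  openssl x509 -req -days 365 -in "$d/server.csr.pem" \
    -CA "$d/cacert.pem" -CAkey "$d/cakey.pem" -CAcreateserial \
    -out "$d/server.crt.pem" >/dev/null 2>&1
}

# Run directly with the three paths, e.g. the files named in main.cf above.
if [ "$#" -eq 3 ]; then check_tls_files "$@"; fi
```

For the real files: sh check.sh /etc/postfix/ssl/CA/cacert.pem /etc/postfix/ssl/SERVER/FQDN.crt.pem /etc/postfix/ssl/SERVER/FQDN.key.pem should print OK before you proceed to master.cf.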
Edit master.cf
vi /etc/postfix/master.cf
smtps     inet  n       -       -       -       -       smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
Restart postfix
service postfix restart
Send test
openssl s_client -connect FQDN:465
MAIL FROM: sender email address
RCPT TO: recipient email address
DATA
Subject:Mail Send Test
From:sender email address
To:recipient email address
Test Mail
.