Using a SSL certificate chain with eXpurgate
Posted by Karsten Kaus on 20 July 2016 01:50 PM
Applies to: eXpurgate On-Premise, configuration, TLS, certificate, chain
Modified on: 08/09/2016
eXpurgate allows to receive and deliver emails via TLS-encrypted connections. In addition to encrypting the communication it is possible to verify the authenticity of the respective communication partner. A private key and a certificate in accordance with X.509 are required for this. eXpurgate supports self-signed certificates and certificates from a Certificate Authority.
Certificates and keys have to be Base64 encoded test files. Common filename extensions are PEM, CER and CRT. The certificate file used in eXpurgate's configuration has to have the following structure:
Please note: eXpurgate does not support binary encoded DER.
The path to the certificate file has to be added to the <Tls> section in eXpurgate's configuration (default: /etc/expurgate/expurgate.conf):
In MS Windows double backslashes have to be used:
The parameters TrustedCertificate and TrustedCertificateDirectory are to be used to validate the certificates of other clients that might connect to eXpurgate.
Auch in Deutsch, das erleichtert die Antwort an den Kunden wenn OTRS dann nicht mehr verfügbar ist:
Bitte legen Sie die Zertifikatskette für eXpurgate in einer einzelnen Datei nach diesem