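For some reason the key I created last time did not work, so I made a new one just for this, and opened port 995 in iptables at the same time.
Creating the certificate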
# mkdir -p /usr/local/sslpop
# cd /usr/local/sslpop
# openssl req -new -nodes -out req.pem -keyout /usr/local/sslpop/cert.pem
Country Name (2 letter code) [AU]:JP
State or Province Name (full name) [Some-State]:Aichi
Locality Name (eg, city) []:Okazaki
Organization Name (eg, company) [Internet Widgits Pty Ltd]:pecos.myhome.cx
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:pecos.myhome.cx
Email Address []:xxx@pecos.myhome.cx
A challenge password[]:
An optional company name []:
Certificate signing
# openssl genrsa -des3 -out ca.key 1024
Enter pass phrase for ca.key: <passphrase (*1)>
Verifying - Enter pass phrase for ca.key: <passphrase (*1) again>
From here on I just did exactly what the site I used as a reference says (lol)
# openssl req -new -x509 -days 365 -key ca.key -out ca.crt
Enter pass phrase for ca.key:<passphrase (*1)>
Country Name (2 letter code) [AU]:JP
State or Province Name (full name) [Some-State]:Aichi
Locality Name (eg, city) []:Okazaki
Organization Name (eg, company) [Internet Widgits Pty Ltd]:pecos.myhome.cx
Organizational Unit Name (eg, section) []:
Common Name (eg, YOUR name) []:pecos.myhome.cx
Email Address []:xxx@peocs.myhome.cx
Of course, I don't understand what any of it means (lol)
# openssl x509 -req -CA ca.crt -CAkey ca.key -days 365 -in req.pem -out signed-req.pem -CAcreateserial
Enter pass phrase for ca.key:<passphrase (*1)>
Apparently you concatenate something (lol)
# (cat signed-req.pem ; cat cert.pem) > mail.pem
# chown pop mail.pem
# chmod 660 mail.pem
xinetd configuration that launches qpopper
# vi /etc/xinetd.d/qpopper
service pop3s
{
    flags = REUSE NAMEINARGS
    socket_type = stream
    wait = no
    user = root
    server = /usr/sbin/in.qpopper
    server_args = popper -f /etc/qpopper995.cfg -s
    instances = 50
    disable = no
    per_source = 10
}
Apparently the cfg has to be created from scratch (lol)
# vi /etc/qpopper995.cfg
set clear-text-password = ssl
set tls-support = alternate-port
set tls-version = default
set tls-server-cert-file = /usr/local/sslpop/mail.pem
# /etc/init.d/xinetd restart
It looks like Tsurukame Mail (鶴亀メール) was able to connect using POP over SSL.
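
The steps above, as an added example that is not part of the original post: it repeats the procedure non-interactively on throwaway files, then checks that the resulting mail.pem verifies against ca.crt, that its private key belongs to its certificate, that it has not expired, and that users outside the owner and group cannot read it. The subject names, the unencrypted 2048-bit keys and the function names build_sample and check_bundle are assumptions.

```shell
#!/bin/sh
# Added example: rebuild the page's bundle non-interactively, then check it.
# Names, subjects and 2048-bit keys are assumptions, not values from the page.

# build_sample DIR: constructed test data (server key+CSR, CA, signed cert, bundle).
build_sample() {
    d=$1
    openssl req -new -nodes -newkey rsa:2048 -subj "/CN=mail.example.test" \
        -keyout "$d/cert.pem" -out "$d/req.pem" 2>/dev/null &&
    openssl genrsa -out "$d/ca.key" 2048 2>/dev/null &&
    openssl req -new -x509 -days 365 -key "$d/ca.key" \
        -subj "/CN=Example Test CA" -out "$d/ca.crt" 2>/dev/null &&
    openssl x509 -req -CA "$d/ca.crt" -CAkey "$d/ca.key" -CAcreateserial \
        -days 365 -in "$d/req.pem" -out "$d/signed-req.pem" 2>/dev/null &&
    cat "$d/signed-req.pem" "$d/cert.pem" > "$d/mail.pem" &&
    chmod 660 "$d/mail.pem"
}

# check_bundle BUNDLE CA_CERT: return 0 only if every check passes.
check_bundle() {
    bundle=$1; ca=$2; rc=0
    # 1. The certificate (first PEM block) must verify against the CA.
    openssl verify -CAfile "$ca" "$bundle" >/dev/null 2>&1 ||
        { echo "FAIL: certificate does not verify against $ca"; rc=1; }
    # 2. The private key in the bundle must belong to that certificate.
    cert_pub=$(openssl x509 -in "$bundle" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$bundle" -pubout 2>/dev/null)
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ] ||
        { echo "FAIL: private key does not match certificate"; rc=1; }
    # 3. The certificate must not be expired.
    openssl x509 -in "$bundle" -noout -checkend 0 >/dev/null 2>&1 ||
        { echo "FAIL: certificate has expired"; rc=1; }
    # 4. The file holds a private key: "other" must have no access.
    mode=$(stat -c %a "$bundle" 2>/dev/null || stat -f %Lp "$bundle")
    case $mode in *0) ;; *) echo "FAIL: mode $mode exposes the key"; rc=1 ;; esac
    return $rc
}

# Demo on constructed data in a throwaway directory.
demo=$(mktemp -d) && build_sample "$demo" &&
    check_bundle "$demo/mail.pem" "$demo/ca.crt" && echo "bundle OK"
rm -rf "$demo"
```

On a real server the same check would be run as check_bundle /usr/local/sslpop/mail.pem ca.crt, using the ca.crt created in the steps above.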