Exim4 configuration

This page show you how to configure Exim4 to use a certficate. This example was used on a Debian system, but should be similar for most other systems.

Generate local server-side certificate

Run the command:


(adding the '--force' option if you have already done this once.

Then execute:

openssl req -new -key /etc/exim4/exim.key -out /etc/exim4/exim.csr

supplying values at the prompt.

Generate CAcert certificate

Create a new server certificate and paste the contents of the file /etc/exim4/exim.csr where prompted.

Then copy what is generated to the file /etc/exim4/exim.crt (over-writing its existing contents).

Update Exim configuration files

For split-file configuration, edit the file /etc/exim4/conf.d/main/03_exim4-config_tlsoptions and uncomment:

# log_selector = +tls_cipher +tls_peerdn
# tls_advertise_hosts = *
# tls_certificate = CONFDIR/exim.crt
# tls_privatekey = CONFDIR/exim.key

Then, activate the exim4 changes by:

/etc/init.d/exim4 restart


Following help file has been taken from Debian Exim4 package: http://cvs.alioth.debian.org/cgi-bin/cvsweb.cgi/~checkout~/exim/exim/debian/README.TLS?rev=1.12&content-type=text/plain&cvsroot=pkg-exim4

A modified version of this information can be found on the Exim Wiki at http://www.exim.org/eximwiki/EximServerSslCertificate - please take informational changes to there too.

http://www.credentia.cc/certs/howto/exim.html describes how to enable verification against a CA certificate.