##language:en
----
 [[Exim4Configuration/CZ|česky]] | '''english'''
----
== Exim4 configuration ==
This page show you how to configure Exim4 to use a certficate. This example was used on a Debian system, but should be similar for most other systems.

=== Generate local server-side certificate ===
Run the command:
{{{
/usr/share/doc/exim4-base/examples/exim-gencert
}}}
(adding the '--force' option if you have already done this once.

Then execute:
{{{
openssl req -new -key /etc/exim4/exim.key -out /etc/exim4/exim.csr
}}}
supplying values at the prompt.

=== Generate CAcert certificate ===
Create a new server certificate and paste the contents of the file
`/etc/exim4/exim.csr`
where prompted.

Then copy what is generated to the file
`/etc/exim4/exim.crt`
(over-writing its existing contents).

=== Update Exim configuration files ===
For split-file configuration, edit the file
/etc/exim4/conf.d/main/03_exim4-config_tlsoptions
and uncomment:
{{{
# log_selector = +tls_cipher +tls_peerdn
# tls_advertise_hosts = *
# tls_certificate = CONFDIR/exim.crt
# tls_privatekey = CONFDIR/exim.key
}}}
Then, activate the exim4 changes by:
{{{
update-exim4.conf
/etc/init.d/exim4 restart
}}}

=== References ===

Following help file has been taken from Debian Exim4 package:
http://cvs.alioth.debian.org/cgi-bin/cvsweb.cgi/~checkout~/exim/exim/debian/README.TLS?rev=1.12&content-type=text/plain&cvsroot=pkg-exim4

A modified version of this information can be found on the Exim Wiki at http://www.exim.org/eximwiki/EximServerSslCertificate - please take informational changes to there too.

http://www.credentia.cc/certs/howto/exim.html describes how to enable verification against a CA certificate.

----
 . CategorySoftware
 . CategoryConfiguration