authorYoshinari Takaoka2018-06-27 00:45:21 +0900
committerYoshinari Takaoka2018-09-12 01:34:03 +0900
commitae7eaf904c6f2ae5c48f8a3d6b7677e583f4ad14 (patch)
tree65c7ae9c635abea64b17af03ae136b11ee06daf7 /imap/pop3d-ssl.dist.in.git
parent1e54582243f3ac1a64d826c0af328a1b485789bf (diff)
[config] added TLS_PRIVATE_KEYFILE to [imap|pop3]d-ssl
Diffstat (limited to 'imap/pop3d-ssl.dist.in.git')
-rw-r--r--imap/pop3d-ssl.dist.in.git38
1 files changed, 38 insertions, 0 deletions
diff --git a/imap/pop3d-ssl.dist.in.git b/imap/pop3d-ssl.dist.in.git
index ec16ce8..5e0d6cf 100644
--- a/imap/pop3d-ssl.dist.in.git
+++ b/imap/pop3d-ssl.dist.in.git
@@ -223,6 +223,44 @@ TLS_STARTTLS_PROTOCOL="$TLS_PROTOCOL"
TLS_CERTFILE=@certsdir@/pop3d.pem
+##NAME: TLS_PRIVATE_KEYFILE:0
+#
+# TLS_PRIVATE_KEYFILE - SSL/TLS private key for decrypting client data.
+# This file must be owned by the "@mailuser@" user, and must not be world
+# readable.
+#
+# By default, courier generates SSL/TLS certifice including private key
+# and install it in TLS_CERTFILE path, so TLS_PRIVATE_KEYFILE is completely
+# optional. If TLS_PRIVATE_KEYFILE is not set (default), TLS_CERTFILE is
+# treated as certificate including private key file.
+#
+# If you get SSL/TLS certificate and private key from trusted certificate
+# authority(CA) and want to install them separately, TLS_PRIVATE_KEYFILE can
+# be used as private key file path setting.
+#
+# VIRTUAL HOSTS ON THE SAME IP ADDRESS.
+#
+# $TLS_PRIVATE_KEYFILE.domain and $TLS_CERTFILE.domain are a pair.
+# If you use VIRTUAL HOST feature on TLS_CERTFILE setting, you must set pair
+# private key as $TLS_PRIVATE_KEYFILE.domain. Then, create a link from
+# $TLS_PRIVATE_KEYFILE to whichever private key you consider to be the main one.
+# for example:
+# /etc/tls_private_keyfile.pem => /etc/tls_private_keyfile.pem.www.example.com
+#
+# IP-BASED VIRTUAL HOSTS:
+#
+# Just described on "VIRTUAL HOSTS ON THE SAME IP ADDRESS" above,
+# $TLS_PRIVATE_KEYFILE.aaa.bbb.ccc.ddd and $TLS_CERTFILE.aaa.bbb.ccc.ddd are
+# a pair. If TLS_PRIVATE_KEYFILE is set to /etc/tls_private_keyfile.pem,
+# then you'll need to install the actual certificate files as
+# /etc/tls_private_keyfile.pem.192.168.0.2, /etc/tls_private_keyfile.192.168.0.3
+# and so on, for each IP address.
+#
+# In all cases, $TLS_PRIVATE_KEYFILE needs to be linked to one of the existing
+# certificate files.
+#
+#TLS_PRIVATE_KEYFILE=@certsdir@/pop3d_private_key.pem
+
##NAME: TLS_DHPARAMS:0
#
# TLS_DHPARAMS - DH parameter file.
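Review bot: The IP-BASED VIRTUAL HOSTS paragraph still reads like the TLS_CERTFILE text it appears to be copied from: it calls the per-address key files "the actual certificate files", the closing sentence says `$TLS_PRIVATE_KEYFILE` must be linked to "one of the existing certificate files", and the second example `/etc/tls_private_keyfile.192.168.0.3` is missing the `.pem` that the `$TLS_PRIVATE_KEYFILE.aaa.bbb.ccc.ddd` pattern implies. An administrator following it literally could install a key under a name that does not match the pattern, so I would write `/etc/tls_private_keyfile.pem.192.168.0.3` and say "private key files" in both places. The ownership sentence is also weaker than a key-only file warrants, since "must not be world readable" still permits group read; `# This file must be owned by the "@mailuser@" user and readable only by that user (for example mode 0600).` would state the intent, assuming nothing else in the deployment needs group access. Separately, "certifice" in the default-behaviour paragraph should be "certificate".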