OpenSMTPD: Certificates

OpenSMTPD Certificates [FAQ Index]

Certificate Options
Certificate Example

Certificate Options

The following certificate options can be specified in the smtpd(8) configuration file.

ca hostname certificate cafile: Associate a custom CA certificate cafile with hostname.
ciphers cipher-list: Specify an alternate list of ciphers to use when establishing TLS sessions. It is highly recommended to avoid making use of this option unless there is a good understanding of the implications. When not specified, only ciphers considered safe are chosen.
pki hostname certificate certfile: Associate the certificate located in certfile with hostname. A certificate chain may be created by appending one or many certificates, including a Certificate Authority certificate, to certfile. Creation of certificates is documented in starttls(8).
pki hostname key keyfile: Associate the key located in keyfile with hostname.

Certificate Example

The following example shows the usage of some of the certificate options described above:

# pki setup
pki mail.example.com certificate "/etc/ssl/mail.example.com.crt"
pki mail.example.com key "/etc/ssl/private/mail.example.com.key"

# listen ports setup
listen on lo0
listen on egress port 25 tls pki mail.example.com