[SOLVED] Mutual TLS

MartinH

Aug 28, 2019
Hi Everyone.

Our customer must send mails to another server which requests mutual TLS.

Is it possible to set mutual TLS on Proxmox Mail GW?
That's not possible directly via the GUI.
PMG itself has no support for this, but it seems Postfix can be configured [0].

Setting this option in postfix will add the requirement for every client to provide a certificate. This in turn can lead to issues if clients don't provide one [1].


[0] http://www.postfix.org/TLS_README.html#server_vrfy_client
[1] http://www.postfix.org/TLS_README.html#client_tls_limits

Hi, thanks for your fast reply.

Sorry for the misunderstanding. We need to send mails from Proxmox Mail GW to a server which requires mutual TLS. So we need to provide our certificate to the remote mail server.
 
I'm sorry, I missed that.

If you require your postfix to present a client certificate to a server you send mails to, then the following applies:
http://www.postfix.org/TLS_README.html#client_cert_key

This comes with its own issues again though.
Thank you very much Mira

That works perfectly, but I am a little bit worried about: "Client certificates are not usually needed, and can cause problems in configurations that work well without them."

What kinds of problems should I expect? Is it possible to do this setting only for one remote server?
 
That I can't answer. We don't have experience with that kind of a setup and it's not supported by us.

But I assume some mail servers can't handle it if a sending server sends a client certificate?
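
Added example, not part of the thread and not a Proxmox-supported configuration: a Postfix sketch that contrasts the global client-certificate setting from the TLS_README section linked above with a dedicated transport that presents the certificate to one destination only. The transport name `mtls-smtp`, the file paths, the table name and the domain `partner.example` are placeholders chosen for illustration.

```conf
# --- Variant A: global (main.cf) -------------------------------------
# Every outbound SMTP session offers this certificate whenever the
# remote server asks for one. This is the setup the TLS_README warning
# about client certificates refers to.
smtp_tls_cert_file = /etc/postfix/mtls/client-cert.pem
smtp_tls_key_file  = /etc/postfix/mtls/client-key.pem

# --- Variant B: one destination only ---------------------------------
# Leave smtp_tls_cert_file / smtp_tls_key_file unset in main.cf and
# define a second SMTP client service that carries the certificate.

# master.cf: extra smtp(8) client with per-service overrides
mtls-smtp  unix  -  -  n  -  -  smtp
    -o smtp_tls_cert_file=/etc/postfix/mtls/client-cert.pem
    -o smtp_tls_key_file=/etc/postfix/mtls/client-key.pem
    -o smtp_tls_security_level=encrypt
    -o smtp_tls_loglevel=1

# /etc/postfix/transport_mtls: route only the partner domain through it
# (run "postmap /etc/postfix/transport_mtls" after editing)
partner.example    mtls-smtp:[mx.partner.example]:25

# main.cf: add the table to transport_maps, keeping any tables that
# are already listed there
transport_maps = hash:/etc/postfix/transport_mtls

# Notes:
# - The private key must be unencrypted and readable only by root
#   (chmod 600, owner root).
# - smtp_tls_security_level=encrypt stops this transport from falling
#   back to plaintext, where no client certificate could be presented.
# - PMG generates the Postfix configuration from its templates, so on
#   PMG changes like these belong in the template overrides rather
#   than in the live main.cf / master.cf.
```

With variant B, mail to all other destinations keeps using the default `smtp` transport without a client certificate, so the setting cannot affect servers that react badly to one.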