New tools in Postfix 3.1-20160207
Viktor Dukhovni
ietf-dane at dukhovni.org
Mon Feb 8 03:39:52 CET 2016
It will soon (when 3.1 is released this month) be much easier
to manage your certificates and TLSA records with Postfix:
http://www.postfix.org/TLS_README.html#built-in
http://www.postfix.org/postfix-tls.1.html
This only supports DANE-EE(3) "3 1 1" TLSA records at present,
but should simplify interaction with Let's Encrypt by generating
the CSR for you, and separates creation of keys/certs from
deployment, giving you the opportunity to update the TLSA records
first, let the old records expire from secondary nameservers and
caches and then deploy...
--
Viktor.
More information about the dane-users
mailing list