OpenSMTPD Certificates [FAQ Index]

Certificate Options

The following certificate options can be specified in the smtpd(8) configuration file.
ca hostname certificate cafile
Associate a custom CA certificate cafile with hostname.

ciphers cipher-list
Specify an alternate list of ciphers to use when establishing TLS sessions. It is highly recommended to avoid making use of this option unless there is a good understanding of the implications. When not specified, only ciphers considered safe are chosen.

pki hostname certificate certfile
Associate the certificate located in certfile with hostname. A certificate chain may be created by appending one or many certificates, including a Certificate Authority certificate, to certfile. Creation of certificates is documented in starttls(8).

pki hostname key keyfile
Associate the key located in keyfile with hostname.

Certificate Example

The following example shows the usage of some of the certificate options described above:
# pki setup
pki certificate "/etc/ssl/"
pki key "/etc/ssl/private/"

# listen ports setup
listen on lo0
listen on egress port 25 tls pki