Skip to content

docs: SSL - Revise self-signed cert provisioning#2021

Merged
wernerfred merged 4 commits intomasterfrom
docs/ssl-deprecate-selfsigned-generator-advice
Jun 1, 2021
Merged

docs: SSL - Revise self-signed cert provisioning#2021
wernerfred merged 4 commits intomasterfrom
docs/ssl-deprecate-selfsigned-generator-advice

Conversation

@polarathene
Copy link
Copy Markdown
Member

@polarathene polarathene commented Jun 1, 2021
edited
Loading

Description

We no longer support this method with setup.sh from v10 onwards (previously deprecated), SSL_TYPE=self-signed remains supported however.

Advice has been revised for users to provide their own self-signed cert or use an external tool with an example provided.

Direct preview link.

Type of change

Complimentary documentation update for the v10 deprecation of the shell script tool.

  • Improvement (non-breaking change that does improve existing functionality)
  • This change requires a documentation update

Checklist:

  • My code follows the style guidelines of this project
  • I have performed a self-review of my own code
  • I have made corresponding changes to the documentation (README.md or the documentation under docs/)
  • If necessary I have added tests that prove my fix is effective or that my feature works

I have followed the new advice on a minimal setup, and a simple test on verification working with (run within the same container):

openssl s_client -CAfile /etc/postfix/ssl/cacert.pem -connect mail.example.test:587 -starttls smtp | grep 'Verification'

# Successful
Verification: OK

# Failure (not providing valid `-CAfile`)
Verification error: self signed certificate in certificate chain

A future release will deprecate SSL_TYPE of self-signed, when manual and custom (undocumented) are unified to support all three types as one.

@polarathene
docs: SSL - Deprecate internal self-signed cert tool
430fbcc 
We no longer support this method with `setup.sh` from v10 onwards, `SSL_TYPE=self-signed` remains supported however. Advice has been revised for users to provide their own self-signed cert or use an external tool with an example provided.
polarathene
polarathene commented Jun 1, 2021
View reviewed changes
Comment thread docs/content/config/security/ssl.md Outdated
polarathene
polarathene commented Jun 1, 2021
View reviewed changes
Comment thread docs/content/config/security/ssl.md Outdated
polarathene
polarathene commented Jun 1, 2021
View reviewed changes
Comment thread docs/content/config/security/ssl.md Outdated
@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented Jun 1, 2021

Documentation preview for this PR is ready! 🎉

Built with commit: 22b53f9

@polarathene polarathene mentioned this pull request Jun 1, 2021
Merged
9 tasks
@wernerfred wernerfred added this to the v10.0.0 milestone Jun 1, 2021
wernerfred
wernerfred approved these changes Jun 1, 2021
View reviewed changes
Copy link
Copy Markdown
Member

@wernerfred wernerfred left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, thanks

@wernerfred wernerfred merged commit 2a08385 into master Jun 1, 2021
@wernerfred wernerfred deleted the docs/ssl-deprecate-selfsigned-generator-advice branch June 1, 2021 07:56
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@wernerfred wernerfred wernerfred approved these changes

Assignees

@polarathene polarathene

Labels

area/documentation

Projects

None yet

Milestone

v10.0.0

Development

Successfully merging this pull request may close these issues.

2 participants

@polarathene @wernerfred