From 25ae216e008246e3221c3e706fef5286a4820d71 Mon Sep 17 00:00:00 2001 From: Ashiq5 Date: Wed, 4 Nov 2020 22:00:28 +0600 Subject: [PATCH] minor --- .gitignore | 1 - WhatIDidSoFar.md | 9 ++++++++- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/.gitignore b/.gitignore index a64c166d..6d7e391b 100644 --- a/.gitignore +++ b/.gitignore @@ -6,4 +6,3 @@ externals/ .env .vagrant api/docs/api-docs.html -WhatIDidSoFar.md diff --git a/WhatIDidSoFar.md b/WhatIDidSoFar.md index 5e3c0031..069fee73 100644 --- a/WhatIDidSoFar.md +++ b/WhatIDidSoFar.md @@ -68,7 +68,14 @@ are the steps that you gotta follow: h) _Now type firefox in your putty terminal and you should see the output in firefox browser in your windows host machine_ - +What is done here? +Mail-in-a-box is an open source sw that provides you the options to control your mail server yourself. It gives you a DNS server as well and +has all the necessary settings like DNSSEC, DANE TLSA, etc. But the existing software doesn't really provide the options for +renewing key. It creates a key pair initially and uses this key during the whole lifetime of the setup. If any user updates +the key, he or she will have to manually change the certificates and TLSA records which is error-prone. So, what I did is provide an option to +renew the cert for user with both the existing key and with a new key and if user does so with a new key, then update the +TLSA records. I followed the double TLSA scheme. Main motivation of doing this is to reduce the number of misconfigurations +due to manual key rollover. To make it work into an existing mailinabox setup, you need to do the following: 1. sudo setup/ssl.sh
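Review bot: In the `.gitignore` hunk, dropping the `WhatIDidSoFar.md` entry means a file that was deliberately kept out of the repository is now tracked and published with it, while the commit subject is only "minor". The unchanged context of that file shows personal environment steps ("type firefox in your putty terminal ... in your windows host machine"), so before tracking it, check the whole file for host names, addresses, credentials or other machine-specific details. Consider a subject line that says the notes file is now versioned, and consider moving the feature description into the project's regular documentation instead of a personal notes file.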
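Review bot: In the `WhatIDidSoFar.md` hunk, the added sentence "I followed the double TLSA scheme" is the only description of the rollover, and it does not say in what order the records and the certificate change or how long both TLSA records stay published. That ordering is what keeps DANE validation from failing during a key change, so the text should spell it out: when the TLSA record for the new key is added, how long the setup waits (relative to the record TTL) before serving the new certificate, and when the old record is removed. It would also help to state which of the two renewal paths ("with both the existing key and with a new key") touches DNS at all, and whether the steps that follow ("1. sudo setup/ssl.sh") need to be re-run on each rollover. A smaller point on the same hunk: the blank line before "What is done here?" was removed, so this text now runs straight on from step "h)"; keep the blank line and make the question a heading.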