Install CACert certificate for postfix smtp/tls

CAcert.org (https://www.cacert.org/) is a free cerfificate authority, if you join and verify that you have control over a domain (eg by recieving an email to hostmaster@…) then you can generate a certificate request.

  • login to cacert, go to domains and add the FQDN of the server you will adding the certificates for.
  • When openssl asks for your name, enter the FQDN of the server
$ openssl req -nodes -newkey rsa:2048 -keyout private.key -out server.csr

Then you paste server.csr into the form on their web site and they email you back a certificate, save this as server.crt.

Get the CAcert public key and copy everything into place:

wget http://www.cacert.org/cacert.crt
cp cacert.crt /etc/postfix/ssl/cacert.pem
cp private.key /etc/postfix/ssl/newreq.pem
cp server.crt /etc/postfix/ssl/newcert.pem

This is for main.cf, see also the other stuff above:

smtpd_tls_key_file = /etc/postfix/ssl/newreq.pem
smtpd_tls_cert_file = /etc/postfix/ssl/newcert.pem
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
  • Got to the cacert site and refresh the certificate
  • open /etc/postfix/ssl/newcert.pem and paste in the new certificate
  • restart postfix
  • test sending a mail with tls enabled

Source: https://wiki.slugbug.org.uk/Postfix_TLS

~~LINKBACK~~

Enter your comment. Wiki syntax is allowed:
If you can't read the letters on the image, download this .wav file to get them read to you.