User Tools

Site Tools


blog:install_cacert_certificate_for_postfix_smtp:tls

Install CACert certificate for postfix smtp/tls

CAcert.org (https://www.cacert.org/) is a free cerfificate authority, if you join and verify that you have control over a domain (eg by recieving an email to hostmaster@…) then you can generate a certificate request.

  • login to cacert, go to domains and add the FQDN of the server you will adding the certificates for.
  • When openssl asks for your name, enter the FQDN of the server
$ openssl req -nodes -newkey rsa:2048 -keyout private.key -out server.csr

Then you paste server.csr into the form on their web site and they email you back a certificate, save this as server.crt.

Get the CAcert public key and copy everything into place:

wget http://www.cacert.org/cacert.crt
cp cacert.crt /etc/postfix/ssl/cacert.pem
cp private.key /etc/postfix/ssl/newreq.pem
cp server.crt /etc/postfix/ssl/newcert.pem

This is for main.cf, see also the other stuff above:

smtpd_tls_key_file = /etc/postfix/ssl/newreq.pem
smtpd_tls_cert_file = /etc/postfix/ssl/newcert.pem
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem

Refreshing the certificate:

  • Got to the cacert site and refresh the certificate
  • open /etc/postfix/ssl/newcert.pem and paste in the new certificate
  • restart postfix
  • test sending a mail with tls enabled

Source: https://wiki.slugbug.org.uk/Postfix_TLS

~~LINKBACK~~

Discussion

Enter your comment. Wiki syntax is allowed:
  _      __   _  __  __  __  _____  ____ 
 | | /| / /  / |/ / / / / / / ___/ / __ \
 | |/ |/ /  /    / / /_/ / / /__  / /_/ /
 |__/|__/  /_/|_/  \____/  \___/  \____/
 
blog/install_cacert_certificate_for_postfix_smtp/tls.txt · Last modified: 2014-05-21 07:15 by brb