Install CACert certificate for postfix smtp/tls

CAcert.org (https://www.cacert.org/) is a free cerfificate authority, if you join and verify that you have control over a domain (eg by recieving an email to hostmaster@…) then you can generate a certificate request.

login to cacert, go to domains and add the FQDN of the server you will adding the certificates for.
When openssl asks for your name, enter the FQDN of the server

$ openssl req -nodes -newkey rsa:2048 -keyout private.key -out server.csr

Then you paste server.csr into the form on their web site and they email you back a certificate, save this as server.crt.

Get the CAcert public key and copy everything into place:

wget http://www.cacert.org/cacert.crt
cp cacert.crt /etc/postfix/ssl/cacert.pem
cp private.key /etc/postfix/ssl/newreq.pem
cp server.crt /etc/postfix/ssl/newcert.pem

This is for main.cf, see also the other stuff above:

smtpd_tls_key_file = /etc/postfix/ssl/newreq.pem
smtpd_tls_cert_file = /etc/postfix/ssl/newcert.pem
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem

Refreshing the certificate:

Got to the cacert site and refresh the certificate
open /etc/postfix/ssl/newcert.pem and paste in the new certificate
restart postfix
test sending a mail with tls enabled

Source: https://wiki.slugbug.org.uk/Postfix_TLS

postfix, linux, security, ssl, tls

~~LINKBACK~~

Discussion

Real name:

E-Mail:

Enter your comment. Wiki syntax is allowed:

Please fill all the letters into the box to prove you're human.

  _      __  _   __   ___    __  ___   ____
 | | /| / / | | / /  / _ \  /  |/  /  / __/
 | |/ |/ /  | |/ /  / ___/ / /|_/ /  / _/  
 |__/|__/   |___/  /_/    /_/  /_/  /_/

Please keep this field empty:

Subscribe to comments