Postfix: PositiveSSL Cert Install Problem

I'm trying to install an SSL certificate into dovecot and postfix. Here are the various files I have:

mail_exit66.crt

PostiveSSLCA2.crt

AddTrustExternalCARoot.crt

mail_exit66.key

I combined the 3 crts into one file (in the order above) and put it into /etc/ssl/certs/mail_exit66.pem and the key followed by the 3 crts into one file and put it into /etc/ssl/private/mail_exit66.pem.

I assigned them in the dovecot config (10-ssl.conf) and that works fine without an SSL warning.

However, postfix isn't working so well and still gives the SSL warnings.

I've tried the various combinations based off various information I got off the interwebs:

smtpd_tls_cert_file=/etc/ssl/certs/mail_exit66.pem
smtpd_tls_key_file=/etc/ssl/private/mail_exit66.pem

smtpd_tls_cert_file=/etc/ssl/certs/mail_exit66.crt
smtpd_tls_key_file=/etc/ssl/private/mail_exit66.key

smtpd_tls_cert_file=/etc/ssl/certs/mail_exit66.crt
smtpd_tls_key_file=/etc/ssl/private/mail_exit66.key
smtpd_tls_CAfile=/etc/ssl/certs/AddTrustExternalCARoot.crt

smtpd_tls_cert_file=/etc/ssl/certs/mail_exit66.crt
smtpd_tls_key_file=/etc/ssl/private/mail_exit66.key
smtpd_tls_CAfile=/etc/ssl/certs/PostiveSSLCA2.crt

Any ideas on how I can get this working?

Thanks,

Andy

4 Replies

And to add, there are no errors on starting Postfix in /var/log/syslog

Try this:

smtpd_tls_cert_file=/etc/ssl/certs/mail_exit66.pem
smtpd_tls_key_file=/etc/ssl/private/mail_exit66.key

Note it's smtpd_tls_key_file, not smtpd_tls_private_file.

@AGWA:

Try this:

smtpd_tls_cert_file=/etc/ssl/certs/mail_exit66.pem
smtpd_tls_key_file=/etc/ssl/private/mail_exit66.key

Note it's smtpd_tls_key_file, not smtpd_tls_private_file.

Turns out that was a typo, I am using smtpd_tls_key_file. So I'm still stuck.

Ok. I got it working by following instructions from here: http://www.byteslounge.com/tutorials/postfix-dovecot-ssl-configuration-example

In master.cf:

at the end of the smtp line add:

-o smtpd_tls_cert_file=/etc/ssl/certs/mail_exit66.crt
-o smtpd_tls_key_file=/etc/ssl/private/mail_exit66.key

at the end of the smtps line add:

-o smtpd_tls_wrappermode=yes
-o smtpd_tls_cert_file=/home/root/certs/domain.crt
-o smtpd_tls_key_file=/home/root/certs/domain.key
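
An added example, not part of the thread: because a `-o name=value` override in master.cf takes precedence over main.cf, and main.cf keeps only the last definition of a repeated parameter, this Python sketch reports which certificate and key each smtpd service ends up with. The sample configs are constructed from the lines quoted above, the function names are hypothetical, and only the plain `-o name=value` form is handled.

```python
import shlex

# Constructed sample configs modelled on the thread (not the poster's real files).
MAIN_CF = """\
# two attempts left in place: Postfix keeps only the last definition
smtpd_tls_cert_file = /etc/ssl/certs/mail_exit66.crt
smtpd_tls_cert_file = /etc/ssl/certs/mail_exit66.pem
smtpd_tls_key_file = /etc/ssl/private/mail_exit66.key
"""
MASTER_CF = """\
smtp      inet  n  -  -  -  -  smtpd
smtps     inet  n  -  -  -  -  smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_tls_cert_file=/home/root/certs/domain.crt
  -o smtpd_tls_key_file=/home/root/certs/domain.key
"""

def logical_lines(text):
    """Join continuation lines (leading whitespace) and drop comments/blank lines."""
    out = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and out:
            out[-1] += " " + raw.strip()
        else:
            out.append(raw.strip())
    return out

def main_cf_params(text):
    """name = value pairs from main.cf; a later definition replaces an earlier one."""
    params = {}
    for line in logical_lines(text):
        name, sep, value = line.partition("=")
        if sep:
            params[name.strip()] = value.strip()
    return params

def effective_tls(main_text, master_text, wanted=("smtpd_tls_cert_file", "smtpd_tls_key_file")):
    """Per smtpd service, the cert/key actually used: master.cf -o beats main.cf."""
    base = main_cf_params(main_text)
    result = {}
    for line in logical_lines(master_text):
        fields = shlex.split(line)
        if len(fields) < 8 or fields[7] != "smtpd":
            continue  # not an smtpd service entry
        args = fields[8:]
        over = dict(a.split("=", 1) for flag, a in zip(args, args[1:]) if flag == "-o" and "=" in a)
        result[f"{fields[0]}/{fields[1]}"] = {k: over.get(k, base.get(k)) for k in wanted}
    return result
```

On a live system, `postconf -n` and `postconf -P` show the main.cf settings and the master.cf `-o` overrides respectively.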
