CAcert
/etc/ssl/cacert/
openssl genrsa -out josef-friedrich.de.key 2048
chown root:root josef-friedrich.de.key
chmod 0400 josef-friedrich.de.key
openssl req -new -key josef-friedrich.de.key -out josef-friedrich.de.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:DE
State or Province Name (full name) [Some-State]:Germany
Locality Name (eg, city) []:Nuremberg
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Josef Friedrich
Organizational Unit Name (eg, section) []:Josef Friedrich
Common Name (e.g. server FQDN or YOUR name) []:josef-friedrich.de
Email Address []:jos.friedrich@gmail.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:.
An optional company name []:.
To verify:
openssl req -noout -text -in josef-friedrich.de.csr
openssl rsa -noout -text -in josef-friedrich.de.key
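Added example, not part of the original notes: the two commands above only print the CSR and the key, so this sketch checks that they actually belong together and that the key file is locked down as in the chmod step. The function name check_pair is hypothetical, and stat -c assumes GNU coreutils.

```shell
# check_pair KEY CSR  (hypothetical helper, added example)
# Returns 0 only if the CSR's self-signature verifies, the CSR was created
# from KEY, and KEY carries no group/other permission bits.
check_pair() {
    key=$1 csr=$2

    # 1. Self-signature of the request. The text output is parsed because
    #    older OpenSSL releases exit 0 even when verification fails.
    openssl req -in "$csr" -noout -verify 2>&1 | grep -q "verify OK" \
        || { echo "CSR signature invalid"; return 1; }

    # 2. The public key embedded in the CSR must equal the public key
    #    derived from the private key (both printed as PEM SubjectPublicKeyInfo).
    csr_pub=$(openssl req -in "$csr" -noout -pubkey)
    key_pub=$(openssl pkey -in "$key" -pubout)
    [ "$csr_pub" = "$key_pub" ] || { echo "key and CSR do not match"; return 2; }

    # 3. Octal mode must end in 00, e.g. 400 or 600 (GNU stat assumed).
    mode=$(stat -c %a "$key")
    case $mode in
        *00|0) ;;
        *) echo "key mode $mode is too permissive"; return 3 ;;
    esac
}

# Usage with the file names from these notes:
#   check_pair josef-friedrich.de.key josef-friedrich.de.csr
```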
Wildcard Certificate
openssl req -newkey rsa:2048 -subj '/CN=*.josef-friedrich.de' -nodes \
  -keyout josef-friedrich.de_key_.pem -out josef-friedrich.de.csr.pem
cat josef-friedrich.de.csr.pem
Dovecot
/etc/dovecot/conf.d/10-ssl.conf
# SSL/TLS support: yes, no, required.
#ssl = yes
# PEM encoded X.509 SSL/TLS certificate and private key. They're opened before
# dropping root privileges, so keep the key file unreadable by anyone but
# root. Included doc/mkcert.sh can be used to easily generate self-signed
# certificate, just make sure to update the domains in dovecot-openssl.cnf
#ssl_cert =
#ssl_key =
ssl_cert =
ssl_key =
Postfix
/etc/postfix/main.cf
# TLS parameters
smtpd_tls_cert_file=/etc/ssl/cacert/josef-friedrich.de.crt
smtpd_tls_key_file=/etc/ssl/cacert/josef-friedrich.de.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache