CA cert file problem

How to creating CAfile for postfix, I will try using postfix with Amazon SES.

Can you provide a little more information, to save us guessing what you want.

Are you asking how to obtain a standard certificate ? or how to configure postfix ? or something else ?

I have 4 certificate - cert.pem,chain.pem,fullchain.pem,privkey.pem.
I was added this to my apache, all working properly.
For me needed certificate for my postfix server using with AWS, tutorial:

Look at this tutorial line sudo postconf -e 'smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt’
Question, where I can find CA-certificates, no one working from 4 upper certificates.

copy the cert, chain and key files into a single file, and use that,

cat privkey.pem cert.pem chain.pem > ca-certificates.crt

then use the ca-certificate.crt

done, but still have error in mail.log
(TLS is required, but was not offered by host[])

Some of your other config is not correct. With the limited details you provide, I can’t say exactly what is wrong in the config.

another type of certificates:

ssl_cert = </etc/pki/tls/certs/server.crt
ssl_key = </etc/pki/tls/private/server.key
ssl_ca = </etc/pki/tls/certs/

server.crt and server.key, what a file I must using?

ssl_cert = cert.pem
ssl_key = privkey.pem
ssl_ca = chain.pem (or, possibly fullchain.pem depending on the software / version)

thank a lot. i will try tomorrow.

Euh, those settings look more like Dovecot settings to me… Postfix uses smtpd_tls_cert_file and smtpd_tls_key_file. You can feed fullchain.pem to smtpd_tls_cert_file so it will send the intermediate certificate automatically.

This latter also goes for Dovecot: just feed ssl_cert the fullchain.pem so you won’t need ssl_ca (which is for TLS client authentication, which you probably don’t need/want…)

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.