I'm just setting up a new Postfix server with TLS on CentOS 6. I've generated a self certified certificate, and that all seems OK, as follows:

    smtpd_tls_cert_file = /etc/pki/tls/certs/server.crt
    smtpd_tls_key_file = /etc/pki/tls/certs/server.key

but I'm 'missing' the CAfile part. Looking at where my key/certificates are in /etc/pki/tls/certs/ I have so, is 'ca-bundle.trust.crt' what I put in

    smtpd_tls_CAfile = /etc/pki/tls/certs/ca-bundle.trust.crt

or the ca-bundle.crt?

    /etc/pki/tls/certs/
    -rw-r--r--. 1 root root 571450 Apr 8 2010 ca-bundle.crt
    -rw-r--r--. 1 root root 651083 Apr 8 2010 ca-bundle.trust.crt
    -rw-------. 1 root root 1155 Jun 17 14:23 localhost.crt
    -r--------. 1 root root 1383 Jul 7 00:01 server.crt
    -r-------- 1 root root 1094 Jul 7 00:01 server.csr
    -r-------- 1 root root 1675 Jul 6 23:59 server.key

head ca-bundle.trust.crt

    # This is a bundle of X.509 certificates of public Certificate
    # Authorities. It was generated from the Mozilla root CA list.
    # These certificates are in the OpenSSL "TRUSTED CERTIFICATE"
    # format and have trust bits set accordingly.
    #
    # Source: mozilla/security/nss/lib/ckfw/builtins/certdata.txt
    #
    # Generated from:
    # $RCSfile: certdata.txt,v $
    # $Revision: 1.63 $

head ca-bundle.crt

    # This is a bundle of X.509 certificates of public Certificate
    # Authorities. It was generated from the Mozilla root CA list.
    #
    # Source: mozilla/security/nss/lib/ckfw/builtins/certdata.txt
    #
    # Generated from:
    # $RCSfile: certdata.txt,v $
    # $Revision: 1.63 $
    # $Date: 2010/04/03 18:58:17 $