Hi, I have a question regarding specifying where the list of trusted CA’s are in regards to the smtp client.
In man 5 postconf, I can see there are two configuration parameters regarding this: smtp_tls_CAfile smtp_tls_CApath The documentation (as I understand it), notes that: 1. smtp_tls_CAfile — Specifies file that contains CA certs of root CA’s trusted to sign either remote SMTP server certificates or intermediate CA certificates 2. smtp_tls_CApath — Specifies directory with PEM format CA certs that smtp client uses to verify remote SMTP server certificate — Preferred over smtp_tls_CAfile when the number of trusted roots is large On one of my installations of Postfix 3.1.0 on Ubuntu 16.04 LTS, I use CAfile to specify the file that stores all the CA certs: smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt My questions are: 1. Is that correct ? 2. Is there any other guidance on when to prefer smtp_tls_CApath over smtp_tls_CAfile ? Thanks, - J