For the WEB server it makes sens to have a certificate that is signed by a known CA. However, for postfix a self signed cert is just fine. When a user first connects with TLS, the mail client will complain. But with most mail clients (I use Thunderbird), you can get the certificate and store a permanent exception so it will never complain again. Other servers that make connections to deliver mail with STARTTLS generally don't care.
Mike
On 03/11/2013 07:05 PM, Austin Einter wrote:
Dear All This is my continuation of postfix setup. Following link http://campworld.net/thewiki/pmwiki.php/LinuxServersCentOS/Cent6VirtMailServ... postfix setup.
At one stage it says, Configuring The Server Setup SSL Certificate
Now generate an SSL certificate for postfix and dovecot to have TLS support. Replace mail.example.com with your server hostname.
genkey --days 3650 mail.example.com
My doubt is ,
- I have to install a SSL certificate for for web server (apache case). I
am planning to purchase a SSL certificate and put it. The same certificate will be useful for both web server and mail server OR both web and mail server needs to separate separate SSL certificates.
- I hope for web server case, one must purchase a ssl certificate and use
it (so that browsers will work smoothly without complain). For mail server can one use locally generated ssl certificate?
Kindly let me know.
Best Regards
Austin _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos