For the WEB server it makes sens to have a certificate that is signed by a known CA. However, for postfix a self signed cert is just fine. When a user first connects with TLS, the mail client will complain. But with most mail clients (I use Thunderbird), you can get the certificate and store a permanent exception so it will never complain again. Other servers that make connections to deliver mail with STARTTLS generally don't care. Mike On 03/11/2013 07:05 PM, Austin Einter wrote: > Dear All > This is my continuation of postfix setup. > Following link > http://campworld.net/thewiki/pmwiki.php/LinuxServersCentOS/Cent6VirtMailServerfor > postfix setup. > > At one stage it says, > Configuring The Server Setup SSL Certificate > > Now generate an SSL certificate for postfix and dovecot to have TLS > support. Replace mail.example.com with your server hostname. >> genkey --days 3650 mail.example.com > > My doubt is , > > 1. I have to install a SSL certificate for for web server (apache case). I > am planning to purchase a SSL certificate and put it. The same certificate > will be useful for both web server and mail server OR both web and mail > server needs to separate separate SSL certificates. > > > 2. I hope for web server case, one must purchase a ssl certificate and use > it (so that browsers will work smoothly without complain). For mail server > can one use locally generated ssl certificate? > > > Kindly let me know. > > > Best Regards > > Austin > _______________________________________________ > CentOS mailing list > CentOS at centos.org > http://lists.centos.org/mailman/listinfo/centos