Dec 112009

It’s time to make our SMTP transactions encrypted using TLS. TLS itself stands for Transport Layer Security. it encrypts the communication between two hosts.

As usual when building postfix RPM package, i recommended using tutorial on how to compile postfix rpm source at Simon J Mudd’s website

When you’ve done with compiling postyfix with TLS support, continue to these how to create self signed postfix tls certificates

  • Certificates part
  • # cd /etc/postfix
    # mkdir ssl
    # cd ssl
    # mkdir certs crl newcerts private
    # echo "01" > serial
    # cp /dev/null index.txt
    # cat /etc/pki/tls/openssl.cnf | sed -e 's/\/etc\/pki\/CA/\./' | sed -e 's/\.\/demoCA/\./' > openssl.cnf
    # openssl req -new -x509 -keyout private/cakey.pem -out cacert.pem -days 3650 -config openssl.cnf
    # openssl req -nodes -new -x509 -keyout newreq.pem -out newreq.pem -days 3650 -config openssl.cnf
    # openssl x509 -x509toreq -in newreq.pem -signkey newreq.pem -out tmp.pem
    # openssl ca -config openssl.cnf -policy policy_anything -out newcert.pem -infiles tmp.pem
    # cp cacert.pem /etc/postfix
    # grep -B 100 "END PRIVATE KEY" newreq.pem > /etc/postfix/key.pem
    # chmod 400 /etc/postfix/key.pem
    # cp newcert.pem /etc/postfix/cert.pem

    Continue reading »