It’s time to encrypt our SMTP transactions using TLS. TLS stands for Transport Layer Security; it encrypts the communication between two hosts.
As usual when building the Postfix RPM package, I recommend using the tutorial on compiling the Postfix source RPM at Simon J Mudd’s website.
When you’re done compiling Postfix with TLS support, continue with these steps to create self-signed Postfix TLS certificates.
- Certificates part
# cd /etc/postfix
# mkdir ssl
# cd ssl
# mkdir certs crl newcerts private
# echo "01" > serial
# cp /dev/null index.txt
# cat /etc/pki/tls/openssl.cnf | sed -e 's/\/etc\/pki\/CA/\./' | sed -e 's/\.\/demoCA/\./' > openssl.cnf
# openssl req -new -x509 -keyout private/cakey.pem -out cacert.pem -days 3650 -config openssl.cnf
# openssl req -nodes -new -x509 -keyout newreq.pem -out newreq.pem -days 3650 -config openssl.cnf
# openssl x509 -x509toreq -in newreq.pem -signkey newreq.pem -out tmp.pem
# openssl ca -config openssl.cnf -policy policy_anything -out newcert.pem -infiles tmp.pem
# cp cacert.pem /etc/postfix
# grep -B 100 "END PRIVATE KEY" newreq.pem > /etc/postfix/key.pem
# chmod 400 /etc/postfix/key.pem
# cp newcert.pem /etc/postfix/cert.pem
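Before pointing Postfix at these files, it helps to confirm that cert.pem really chains to cacert.pem, that key.pem is the matching unencrypted key, and that the key is not readable by group or other. The script below is an added example, not part of the original tutorial; the function names are hypothetical, and the file names are the ones copied into /etc/postfix above.

```shell
#!/bin/sh
# Added example: verify the files the steps above copy into /etc/postfix.
# Function names are hypothetical. Usage (as root): check_postfix_tls /etc/postfix

# True if the server certificate ($2) was issued by the CA certificate ($1).
cert_signed_by_ca() {
    # Match on the "OK" line rather than relying on the exit status alone.
    openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

# True if the private key ($2) belongs to the certificate ($1).
# "-passin pass:" makes a passphrase-protected key fail instead of prompting;
# the procedure above creates the key with -nodes (unencrypted).
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -passin pass: -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# True if group and other have no permissions on the key (e.g. mode 400).
key_is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Run all three checks against a directory (default: /etc/postfix).
check_postfix_tls() {
    dir=${1:-/etc/postfix}
    rc=0
    if ! cert_signed_by_ca "$dir/cacert.pem" "$dir/cert.pem"; then
        echo "FAIL: cert.pem does not verify against cacert.pem"; rc=1
    fi
    if ! key_matches_cert "$dir/cert.pem" "$dir/key.pem"; then
        echo "FAIL: key.pem is encrypted, unreadable, or not the key for cert.pem"; rc=1
    fi
    if ! key_is_private "$dir/key.pem"; then
        echo "FAIL: key.pem is accessible to group or other"; rc=1
    fi
    if [ "$rc" -eq 0 ]; then
        echo "OK: CA, certificate and key in $dir are consistent"
    fi
    return "$rc"
}
```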