Using Microsoft CA to create TLS key/cert for Postfix

I'm trying to configure a Postfix mail server to use TLS encryption for SMTP (and IMAP with Dovecot, but I haven't gotten to that point yet). It's running on a Fedora 14 machine and I'm using Webmin to manage it.

I have a Windows domain with the DC also set up as a Microsoft Certificate Authority and I created a GP that adds the CA as a trusted root CA. I have web services installed so I can go to localhost/certsrv to request new certificates. Anyway, I'd like to use the Microsoft CA to create the private key, public key, and CA cert for the Postfix mail server.

The intent is that all users connecting to the server with SMTP (and later IMAP) will use SSL/TLS and will trust the server because they trust the CA.

Let me know if you need any more info or any suggestions.

    • I tried creating a new certificate from the 'website' template. I didn't provide a 'request' or anything from my Linux server, just started by going to localhost/certsrv and tried to create a new cert. It never asked for the common name of the server, so I assumed I was doing something wrong.
    • Am I supposed to generate a key pair on the Linux server using openssl and then just use my Microsoft CA to sign the public key? If so, the openssl commands would be super useful.

If your intended goal is to have a verifiable certificate on the Postfix server, you can provide the CA chain files to Postfix and import the CA root certificate into all clients; this will follow the chain for all certificates issued by the CA.

Quoting from http://www.postfix.org/postconf.5.html#smtpd_tls_cert_file:

To enable a remote SMTP client to verify the Postfix SMTP server certificate, the issuing CA certificates must be made available to the client. You should include the required certificates in the server certificate file, the server certificate first, then the issuing CA(s) (bottom-up order).

Example: the certificate for "server.example.com" was issued by "intermediate CA" which itself has a certificate of "root CA". Create the server.pem file with "cat server_cert.pem intermediate_CA.pem root_CA.pem > server.pem".

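The openssl steps asked about in the comments, combined with the bottom-up chain file from the answer, as an added example that is not part of the original posts. The key and CSR are created on the Postfix host; a constructed throwaway CA stands in for the Microsoft CA so the script runs offline, and mail.example.com and all file names are assumptions.

```shell
# Added example. mail.example.com and all file names are constructed placeholders.
set -eu

# 1. On the Postfix host: create the private key and a CSR. The key stays here.
make_csr() {  # $1 = work dir, $2 = server FQDN
    ( umask 077; openssl genrsa -out "$1/server_key.pem" 2048 2>/dev/null )
    # SAN is what current TLS clients match the host name against
    openssl req -new -key "$1/server_key.pem" -subj "/CN=$2" \
        -addext "subjectAltName=DNS:$2" -out "$1/server.csr"
}

# 2. Constructed stand-in for the Microsoft CA so the example runs offline. In the real
#    flow server.csr goes to the CA and the issued and CA certificates are saved as PEM.
standin_ca_sign() {  # $1 = work dir, $2 = server FQDN
    cat > "$1/ca.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Constructed Root CA
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
    openssl req -x509 -config "$1/ca.cnf" -newkey rsa:2048 -nodes -days 2 \
        -keyout "$1/ca_key.pem" -out "$1/root_CA.pem" 2>/dev/null
    printf 'subjectAltName=DNS:%s\n' "$2" > "$1/san.ext"
    openssl x509 -req -in "$1/server.csr" -CA "$1/root_CA.pem" -CAkey "$1/ca_key.pem" \
        -CAcreateserial -days 1 -extfile "$1/san.ext" -out "$1/server_cert.pem" 2>/dev/null
}

# 3. Bottom-up chain file: server certificate first, then the issuing CA.
build_chain() { cat "$1/server_cert.pem" "$1/root_CA.pem" > "$1/server.pem"; }

# 4. Checks to run before pointing smtpd_tls_cert_file at server.pem.
check_chain() {  # $1 = work dir, $2 = server FQDN
    # the issued certificate verifies against the CA the clients trust
    openssl verify -CAfile "$1/root_CA.pem" "$1/server_cert.pem" >/dev/null 2>&1 || return 1
    # the first certificate in server.pem is the server's, not the CA's
    openssl x509 -in "$1/server.pem" -noout -subject | grep -qF "$2" || return 1
    # certificate and private key carry the same public key
    [ "$(openssl x509 -in "$1/server.pem" -noout -pubkey | openssl sha256)" = \
      "$(openssl pkey -in "$1/server_key.pem" -pubout | openssl sha256)" ]
}

W=$(mktemp -d); H=mail.example.com
make_csr "$W" "$H"; standin_ca_sign "$W" "$H"; build_chain "$W"
check_chain "$W" "$H" && echo "chain OK: $W/server.pem"
```

In Postfix, `smtpd_tls_cert_file` then points at server.pem and `smtpd_tls_key_file` at server_key.pem, which should stay readable by root only.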