This page show you how to configure Postfix with TLS support to use a Certficate. This example was used on a Debian System, but should be similar for most other systems.
Generate Local Server-side Certificate
You will need to generate a certificate, eg:
cd /etc/ssl/private openssl req -nodes -new -keyout server.key -out server.csr
and supplying the values at the prompt.
Generate CACert Certificate
Paste the contents of the server.csr file into the CAcert website, you will need to verify your domains before hand etc. Then when you are shown/sent your certificate open /etc/ssl/certs/server.crt and paste the contents into that file.
Update Postfix configuration files
For split-file configuration, edit the file /etc/postfix/main.cf and uncomment or add the following to the bottom:
### Transport Layer Security ### # Server side TLS smtpd_use_tls = yes smtpd_tls_key_file = /etc/ssl/private/server.key smtpd_tls_cert_file = /etc/ssl/certs/server.crt smtpd_tls_CAfile = /etc/ssl/certs/cacert.crt smtpd_tls_loglevel = 1 smtpd_tls_received_header = yes smtpd_tls_session_cache_timeout = 3600s # Client side TLS smtp_use_tls = yes smtp_tls_key_file = /etc/ssl/private/server.key smtp_tls_cert_file = /etc/ssl/certs/server.crt smtp_tls_CAfile = /etc/ssl/certs/cacert.crt # Misc TLS tls_random_source = dev:/dev/urandom
tls_cert_file: /etc/ssl/certs/server.crt tls_key_file: /etc/ssl/private/server.key
Then, activate the changes by:
/etc/init.d/postfix restart /etc/init.d/cyrus restart