On Tue, Nov 09, 2010 at 11:53:17AM +1100, Voytek Eymont wrote:
> do I simply send the '/etc/postfix/tls/smtpd.crt' file 'as is',
> is that the one ?
Yes, that is key.
>
> # grep tls main.cf
> ...
> smtpd_tls_key_file = /etc/postfix/tls/smtpd.key
> smtpd_tls_cert_file = /etc/postfix/tls/smtpd.crt
> smtpd_tls_CAfile = /etc/postfix/tls/cacert.pem
>
>
> # ls -l
> total 40
> -rw-r--r-- 1 root root 1407 Nov 13 2007 cacert.pem
> -rw-r--r-- 1 root root 951 Nov 13 2007 cakey.pem
> -rw-r--r-- 1 root root 1029 Nov 13 2007 smtpd.crt
> -rw-r--r-- 1 root root 777 Nov 13 2007 smtpd.csr
> -rw-r--r-- 1 root root 887 Nov 13 2007 smtpd.key
Your private key really shoud NOT be world-readable. Though it
may be too late on a multi-user system, do try:
chmod 0600 smtpd.key
in the future run OpenSSL key-generating commands after "umask 077".
--
Viktor.
