On 09.02.2011 09:03, Robert Schetterer wrote:
> On 09.02.2011 02:50, Sahil Tandon wrote:
>> On Tue, 2011-02-08 at 22:04:38 +0100, Robert Schetterer wrote:
>>
>>> Hi, geotrust
>>> has changed ssl procedures
>>> for this in i.e apache
>>> i have to add intermediate in an extra
>>> SSLCACertificateFile
>>
>> [ .. ]
>>
>>> i am not quite sure if or how i should include
>>> intermediate ca in postfix
>>
>> The TLS_README contains a few words on configuration with intermediate
>> CAs.
>>
>
> yes i have read this, but i need to verify here
> sometimes no native english readers have to
> so any hint or example ?
>

looks like it's written here more clearly ( for this question )

--snip

https://knowledge.verisign.com/support/ssl-certificates-support/index?page=content&id=SO13616&actp=LIST&viewlocale=en_US

* The private key was generated when the CSR was created and should
  already be on the server. Please name the file private.key.
* The SSL certificate is included in the approval e-mail, but can also be
  downloaded from your VeriSign Trust Center Account - see solution SO8061
  for details. Please name the file ssl.crt.
* The Intermediate CA is specific to the product type of the SSL
  certificate; the correct Intermediate CA can be downloaded from the
  knowledge base - see article AR657. For EV SSL certificates, please
  download the "Root Bundle" version for the SSL certificate type. Please
  name the file intca.crt.

The SSL certificate and Intermediate CA need to be in a single file for
Postfix to be able to reference them correctly. Assuming the files are
named as per above, you can place both into a single file with the
following command:

    cat ssl.crt intca.crt > server.crt

Once the private key and combined certificate file are installed on the
server, the Postfix configuration needs to be modified or updated to
reference the certificate files. The configuration file that needs to be
updated is main.cf, which is usually located in /etc/postfix/. For the
purposes of this solution, it's assumed that all the certificate files
have been placed in /etc/ssl/.

Add the following to main.cf (if the SSL certificate is being renewed,
these statements are probably already in place; please ensure they are
correct):

    smtpd_use_tls = yes
    smtpd_tls_key_file = /etc/ssl/private.key
    smtpd_tls_cert_file = /etc/ssl/server.crt

Restart the Postfix process (sudo postfix reload is the usual command) to
begin using the new SSL certificate.

-----snip

after all i guess the is build standard way after this with i.e

    cat /etc/postfix/wildcard-with-inter.crt /etc/postfix/wildcard.key > /etc/postfix/wildcard.pem

--
Best Regards

MfG Robert Schetterer

Germany/Munich/Bavaria
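
A check for the combined file described in the quoted article, as an added example that is not part of the original message or the VeriSign article: it confirms that the server certificate comes first, that it matches the private key, and that each following certificate is the issuer of the one before it. It assumes the openssl command-line tool is installed and the key is unencrypted; the function names and the script name check_chain.sh are hypothetical.

```shell
#!/bin/sh
# Added example: check a combined certificate file before pointing
# smtpd_tls_cert_file at it. Requires the openssl command-line tool.

# Write each certificate of PEM bundle $1 to $2/cert1.pem, $2/cert2.pem, ...
split_bundle() {
    awk -v dir="$2" '
        /-----BEGIN CERTIFICATE-----/ { n++; out = dir "/cert" n ".pem" }
        out != ""                     { print > out }
        /-----END CERTIFICATE-----/   { close(out); out = "" }
    ' "$1"
}

# check_chain_file COMBINED_CERT PRIVATE_KEY
# Returns 0 if the server certificate comes first, matches the private key,
# and every later certificate is the issuer of the one before it.
check_chain_file() {
    tmp=$(mktemp -d) || return 2
    split_bundle "$1" "$tmp"
    if [ ! -f "$tmp/cert1.pem" ]; then
        echo "FAIL: no certificate found in $1"
        rm -rf "$tmp"; return 1
    fi
    rc=0
    # The first certificate must carry the public half of the private key.
    # -passin pass: makes an encrypted key fail instead of prompting.
    cert_pub=$(openssl x509 -in "$tmp/cert1.pem" -noout -pubkey)
    key_pub=$(openssl pkey -in "$2" -passin pass: -pubout 2>/dev/null)
    if [ -z "$key_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: first certificate does not match the private key"
        rc=1
    fi
    # Walk the rest: issuer of certificate i must be subject of i+1.
    i=1
    while [ -f "$tmp/cert$((i + 1)).pem" ]; do
        want=$(openssl x509 -in "$tmp/cert$i.pem" -noout -issuer_hash)
        have=$(openssl x509 -in "$tmp/cert$((i + 1)).pem" -noout -subject_hash)
        if [ "$want" != "$have" ]; then
            echo "FAIL: certificate $((i + 1)) is not the issuer of certificate $i"
            rc=1
        fi
        i=$((i + 1))
    done
    rm -rf "$tmp"
    [ "$rc" -eq 0 ] && echo "OK: $i certificate(s), order and key match"
    return "$rc"
}

# Run directly:  sh check_chain.sh /etc/ssl/server.crt /etc/ssl/private.key
if [ "$#" -eq 2 ]; then check_chain_file "$1" "$2"; fi
```

A reversed file (cat intca.crt ssl.crt) fails both checks, which is the mistake this catches before Postfix is reloaded.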