On 8/2/2011 5:53 PM, Steve Jenkins wrote: > I'm currently using a self-signed cert for TLS in Postfix, but I have > a standard SSL cert from GoDaddy for my personal web domain. Is it > possible to use the same cert for both? Would I have to change > 'myhostname=' in Postfix to simply be domain.tld (since I don't have a > wildcard cert)? Any other changes I'd need to make (apart from > pointing smtpd_tls_key_file and smtpd_tls_cert_file to the new key and > cert)? > > Thanks, > > SteveJ
Yes, it's possible to use the same cert. No need to change hostnames in postfix, just point the _key_file and _cert_file to the right place. HOWEVER, there's not really much advantage in using a "real" certificate for opportunistic SMTP TLS, since the certificate is not verified anyway. A real certificate can be useful if end users are connecting directly to the server to submit mail via TLS/SASL, otherwise don't bother. -- Noel Jones
