Hello, > No, you don't need a dedicated root CA to sign a you server > certificate, your server certificate can just be self-signed, this > was covered quite a few messages ago, when you first started asking > about TLS.
> openssl req -new -x509 ... > generates a self-signed certificate, you can just use that. Could you provide the entire command? OpenSSL has many options; I don't want to forget something. Are you trying to say that I can use the above instead of all commands from this [0] guide? Could you post other commands if the above isn't enough? > To enable EDH ciphers on the server side, see: > http://www.postfix.org/TLS_README.html#server_cipher Will it be safe to use RSA for some time (several months)? (I don't have enough time to dive into EDH world right now.) [0] http://www.postfix.org/TLS_README.html#quick-start
