On Mon, Mar 07, 2016 at 03:18:11PM -0600, Tom Browder wrote:

> I have a server with several vhosts. I am working on providing mail
> services to each with TLS. I have server CA certs and unlocked keys
> for each individual vhost.

When you say "vhost", what do you mean?

> Is the right way to handle that to put ALL the cert and associated
> files in the "smtpd_tls_CApath" directory and run "c_rehash" on that
> directory?

No, that's mostly for verifying client certs and has very little
to do with server certificates.

> Or should I keep the three different types of files
> concatenated into three files, one of each type?

Typically, best to create a complete separate chain file for each
keypair, however it is likely useful to understand how you're
managing the various server identities. Multi-instance Postfix?
Multiple smtpd(8) listeners in master.cf? ...

--
Viktor.
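
One way to lay out what the reply recommends, as an added example that is not part of the original message: a separate chain file per keypair (server certificate first, then the issuing CAs), each wired to its own smtpd(8) listener in master.cf. The directory layout, address, hostname, function names and the choice of multiple listeners rather than multi-instance Postfix are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Hypothetical per-vhost layout:
#   DIR/cert.pem  server certificate    DIR/ca.pem  issuing CA cert(s)
#   DIR/key.pem   unlocked private key
# smtpd_tls_CApath is not used here; it is for verifying client certs.

build_chain() {  # usage: build_chain DIR  (writes DIR/chain.pem)
    dir=$1
    for f in "$dir/cert.pem" "$dir/ca.pem" "$dir/key.pem"; do
        [ -r "$f" ] || { echo "missing $f" >&2; return 1; }
    done
    # chain.pem is made world-readable, so refuse key material in its inputs.
    if grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$dir/cert.pem" "$dir/ca.pem"; then
        echo "private key found in certificate files under $dir" >&2
        return 1
    fi
    n=$(grep -c -e '-----BEGIN CERTIFICATE-----' "$dir/cert.pem") || true
    [ "$n" -eq 1 ] || { echo "$dir/cert.pem: want 1 certificate, got $n" >&2; return 1; }
    # Server certificate first, then the issuing CA(s).
    cat "$dir/cert.pem" "$dir/ca.pem" > "$dir/chain.pem"
    chmod 644 "$dir/chain.pem"
    chmod 600 "$dir/key.pem"
}

# Print a master.cf entry binding one address to one vhost's chain and key.
listener_stanza() {  # usage: listener_stanza IP HOSTNAME DIR
    printf '%s:smtp inet n - n - - smtpd\n' "$1"
    printf '  -o myhostname=%s\n' "$2"
    printf '  -o smtpd_tls_cert_file=%s/chain.pem\n' "$3"
    printf '  -o smtpd_tls_key_file=%s/key.pem\n' "$3"
}

# Constructed placeholder PEM blocks (not real certificates or keys).
make_sample() {  # usage: make_sample DIR
    mkdir -p "$1"
    printf '%s\n' '-----BEGIN CERTIFICATE-----' LEAF '-----END CERTIFICATE-----' > "$1/cert.pem"
    printf '%s\n' '-----BEGIN CERTIFICATE-----' ISSUER '-----END CERTIFICATE-----' > "$1/ca.pem"
    printf '%s\n' '-----BEGIN PRIVATE KEY-----' KEY '-----END PRIVATE KEY-----' > "$1/key.pem"
}

tmp=$(mktemp -d)
make_sample "$tmp/example.org"
build_chain "$tmp/example.org" &&
    listener_stanza 192.0.2.10 mail.example.org "$tmp/example.org"
```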