On Mon, Mar 7, 2016 at 5:13 PM, Viktor Dukhovni
<postfix-us...@dukhovni.org> wrote:
> On Mon, Mar 07, 2016 at 03:18:11PM -0600, Tom Browder wrote:
>
>> I have a server with several vhosts.  I am working on providing mail
>> services to each with TLS.  I have server CA certs and unlocked keys
>> for each individual vhost.
>
> When you say "vhost", what do you mean?

Virtual hosts.

>> Is the right way to handle that to put ALL the cert and associated
>> files in the "smtpd_tls_CApath" directory and run "c_rehash" on that
>> directory?
>
> No, that's mostly for verifying client certs and has very little
> to do with server certificates.

Okay.

>> Or should I keep the three different types of files
>> concatenated into three files, one of each type?
>
> Typically, best to create a complete separate chain file for each
> keypair, however it is likely useful to understand how you're
> managing the various server identities.  Multi-instance Postfix?
> Multiple smtpd(8) listeners in master.cf? ...

Um, I haven't gotten that far, although I need to investigate that.

I intend to use Mailman 3 for managing mailing lists associated with
each virtual host.

As it stands, I have an MX record for each virtual host, each pointing
to the "real" host.

Right now I'm just trying to get smtp access from my local host and
would like to use TLS and client certs.

Thanks, Viktor.

-Tom
