Hello all Is it possible to use a Wildcard cert with Postfix? Or does it have to be a cert for an exact FQDN?
Thanks! On Fri, Jan 12, 2018 at 4:35 PM, Sean Son <linuxmailinglistsem...@gmail.com> wrote: > > > On Fri, Jan 12, 2018 at 4:06 PM, Viktor Dukhovni < > postfix-us...@dukhovni.org> wrote: > >> >> >> > On Jan 12, 2018, at 3:55 PM, Sean Son <linuxmailinglistsem...@gmail.com> >> wrote: >> > >> > By default, TLS is disabled in the Postfix SMTP server, so no >> difference to plain Postfix is visible. Explicitly switch it on with >> "smtpd_tls_security_level = may". >> > >> > Example: >> > >> > /etc/postfix/main.cf >> > : >> > >> > smtpd_tls_security_level >> > = may >> > >> > With this, the Postfix SMTP server announces STARTTLS support to remote >> SMTP clients, but does not require that clients use TLS encryption. >> > >> > I think this is the correct solution? Would this require an SSL cert? >> >> Yes, of course. See: >> >> http://www.postfix.org/TLS_README.html#quick-start >> >> and if your Postfix release is older than Postfix 3.1, in particular: >> >> http://www.postfix.org/TLS_README.html#self-signed >> >> -- >> Viktor. >> >> > Thank you Viktor.. it looks like I will need either a self signed or > signed SSL cert from a CA to be able to offer STARTTLS. Please let me know > if I am wrong. > > Thanks > > >
