On Tue, Oct 01, 2019 at 05:59:19PM +0200, Matus UHLAR - fantomas wrote:
> >> In Postfix 3.4
>
> On 01.10.19 06:13, linkcheck wrote:
> >Thanks, but I'm on 3.1.1 due to Ubuntu/Mint version.
>
> then, you need separate key and cert file.
Actually, no. With Postfix 3.x the default value of the key file
parameter is the cert file, and the same file can hold both the
cert and the key.
$ postconf -d smtpd_tls_{cert,key}_file
smtpd_tls_cert_file =
smtpd_tls_key_file = $smtpd_tls_cert_file
What you don't get in 3.1.x is atomicity of key + cert updates
because the file opened and read twice, and support for chains for
multiple algorithms in a single file.
--
Viktor.
