no:where BLOG

I wrote a short HOWTO for my friend on how to use OpenSSL with a mail server and a web server

OpenSSL, TLS, Postfix, Apache Etc

A friend of mine asked me to show him how to use encryption for his mail and web server, so I wrote this page for him. Maybe you will find some of it useful too.

Install OpenSSL

then enter

openssl req -out certificate.csr -newkey rsa:4096 -nodes -keyout certprivate.key

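This will create a private key (certprivate.key) and a certificate request (certificate.csr) that you can use to buy SSL certificates. Because of -nodes the private key is written to disk unencrypted, so keep it readable only by its owner and never send it to anyone.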

If you buy an SSL certificate, you will need to send the SSL provider your CSR file, and you will get some files back from them. My SSL provider sent me linux_cert+ca.pem, linux_cert+ca.pem, and certificate_company.txt

An intermediate certificate authority (CA) is an entity that can sign certificates on behalf of the root CA. The root CA signs the intermediate certificate, forming a chain of trust.
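A non-interactive version of the command above, plus a check that the CSR you send out and the certificate the provider sends back both belong to your private key. This is an added example, not part of the original HOWTO; the function names and the host name mail.example.test are assumptions, the file names are the ones used above.

```shell
#!/bin/sh
# Added example (not from the original post). File names follow the post;
# the host name in the demo line is a constructed placeholder.

# make_csr DIR CN [BITS]: create DIR/certprivate.key and DIR/certificate.csr
# without prompts. umask 077 keeps the unencrypted key (-nodes) owner-only.
make_csr() {
    (
        umask 077
        openssl req -new -newkey "rsa:${3:-4096}" -nodes \
            -keyout "$1/certprivate.key" -out "$1/certificate.csr" \
            -subj "/CN=$2"
    )
}

# Public key (PEM) contained in a private key, a CSR, or a certificate.
# x509 reads only the first certificate if the file is a bundle.
key_pub()  { openssl pkey -in "$1" -pubout; }
csr_pub()  { openssl req  -in "$1" -noout -pubkey; }
cert_pub() { openssl x509 -in "$1" -noout -pubkey; }

# csr_matches_key CSR KEY: true if the request was made from this key.
csr_matches_key() {
    a=$(csr_pub "$1") && b=$(key_pub "$2") && [ -n "$a" ] && [ "$a" = "$b" ]
}

# cert_matches_key CERT KEY: true if the certificate you got back
# belongs to this key (a mismatch means the server will refuse to start TLS).
cert_matches_key() {
    a=$(cert_pub "$1") && b=$(key_pub "$2") && [ -n "$a" ] && [ "$a" = "$b" ]
}

# Demo: sh make_csr.sh /some/empty/dir mail.example.test
if [ "$#" -ge 2 ]; then
    make_csr "$1" "$2" &&
        csr_matches_key "$1/certificate.csr" "$1/certprivate.key" &&
        echo "CSR and key match: send certificate.csr to the CA, keep the key."
fi
```

Run cert_matches_key on the returned certificate file and certprivate.key before pointing Postfix or Apache at them.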

Here is a link on how to convert between the different certificate formats.

To use SSL/TLS in


Add in /etc/postfix/

# TLS parameters
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtp_tls_policy_maps = hash:/etc/postfix/tls_policy
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes

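and in /etc/postfix/tls_policy (encrypt makes TLS mandatory for mail sent to these domains; because this is a hash: map, run postmap /etc/postfix/tls_policy after every edit)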

domain.xx           encrypt
.domain.xx          encrypt


If you do not want to waste your money, I recommend using certbot: you will get free three-month certificates, and it is very easy to renew them.