SSL in Postfix with Intermediate Certificate

This article describes just how to install certificates with intermediate certificate in Postfix, it does not describe how to configure Postfix for SSL as that is pretty complex topic.

For configuration you need these files: domain.tld.key (your private key), domain.tld.crt (your public certificate) and intermediate.crt (intermediate certificate of your certificate authority).

The configuration is pretty easy (once you know the steps). First you need to create combined PEM file:

cat domain.tld.key domain.tld.crt intermediate.crt > domain.tld.pem

Next you need to change two variables in Postfix main.cf configuration file:

...
smtpd_tls_cert_file = /path/to/domain.tld.pem
smtpd_tls_key_file = /path/to/domain.tld.pem
...

Now just restart postfix daemon and you’re done 🙂

Tags: