/etc/postfix/main.cf for iRedMail Certificates
- First Problem: /etc/postfix/main.cf for iRedMail
I got free SSL certificate from StartSSL
Certificate ca.pem private.key ssl.crt ssub.class1.server.ca.pemfiles are in cd /etc/apache2/ssl and they work fine when accessing Apachee server from the web.
Line below were added to /etc/apache2/sites-enabled/000-default
SSLEngine on SSLProtocol all -SSLv2 SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM SSLCertificateFile /etc/apache2/ssl/ssl.crt SSLCertificateKeyFile /etc/apache2/ssl/private.key SSLCertificateChainFile /etc/apache2/ssl/sub.class1.server.ca.pem
As you can see etc/apache2/sites-enabled/000-default is lookin in ther correct spot for my StartSSL files so everthing is good,
I am having problems with certs in my email clients when accessing the mail server on the same droplet.
Suposidly iRedMail sets itself up to use it own certificate and thus this is in main.cf
# TLS parameters smtpd_tls_cert_file = /etc/ssl/certs/iRedMail_CA.pem smtpd_tls_key_file = /etc/ssl/private/iRedMail.key
The big question?
I asume I want it to use my certificates from StartSSL instead.
Can I just change the above two lines to /etc/apache2/ssl/* ?
smtpd_tls_cert_file = /etc/apache2/ssl/sub.class1.server.ca.pem smtpd_tls_key_file = SSLCertificateKeyFile /etc/apache2/ssl/private.key
And also do I have to have to add a line to point to /etc/apache2/ssl/ssl.crt?
- Second Problem: From main.cf file:
# information on enabling SSL in the smtp client. myhostname = mx.mydomain.us alias_maps = hash:/etc/postfix/aliases alias_database = hash:/etc/postfix/aliases myorigin = mx.mydomain.us mydestination = $myhostname, localhost, localhost.localdomain, localhost.$myhostname relayhost =
firstname.lastname@example.org:/etc# hostname mydomain.us email@example.com:/etc# cat hosts 127.0.0.1 mx.mydomain.us mydomain.us localhost localhost.localdomain #127.0.0.1 localhst mydomain.us mydomain
Should I change in main.cf the line:
myhostname = mx.mydomain.us to myhostname = mydomain.us
Or since mx.mydomain.us is in /etc/hosts will it still work fine?