postfix, rapidssl, and tls.. help!

Discussion in 'Server Operation' started by technobuddha, Sep 16, 2012.

  1. technobuddha

    technobuddha New Member

    Hi all,
    I have been googling, and asking rapidssl for help.
    no luck so far!

    I have not been able to get any of the mail clients to work with smtp and tls.
    I can't seem to find the right "fit" with regards to putting in the certificates together. from all the posts on google, it seems that you have to put in the root certificate as well?

    smtpd_tls_key_file = /etc/postfix/ssl/
    smtpd_tls_cert_file = /etc/postfix/ssl/
    smtpd_tls_CAfile = /etc/postfix/ssl/combo.csr.key

    first is the private key that i created
    2nd is the public key that i got from Rapidssl

    third key has been done in so many combos!
    its several keys in one.

    1. - private key (tried with and without)
    2. - rapidssl intermediate keys
    3, and on the bottom of the file is the rapidssl root cert.

    now when i use openssl to connect and point to the root key, everything works, BUT, see, mail clients have their own root keys, so i've been told to make sure to have the root key imbedded into the "smtpd_tls_CAfile".

    sooo i'm confused, but the mail clients don't seem to find it.

    any help????
  2. topdog

    topdog Active Member

    smtpd_tls_key_file = Should be your private key
    smtpd_tls_cert_file = should be the certificate you were given with any intermediary certificates
    smtpd_tls_CAfile = should be the CA's (Rapidssl) public certificate
  3. technobuddha

    technobuddha New Member

    that's correct, and that's how i have my setup.
    but i find that all the mail clients hang on the certs.

    i believe its because of the root certificate?
    since its newer, the mail clients don't have the updated certificate so it hangs.
    and I was also told that you can give the client the root certificate either. (on hand shaking that is).

    Is there a way around this?


Share This Page