<div dir="ltr">Hi Patrick,<div><br></div><div>Yes, Godaddy's certificate will work on Apache, Postfix, Cyrus IMAP (or anything else that requires a cert - I suspect). This site has a quick reference to common OpenSSL commands like generating a key, csr, cert, etc.</div>
<div><br></div><div><a href="http://www.sslshopper.com/article-most-common-openssl-commands.html">http://www.sslshopper.com/article-most-common-openssl-commands.html</a><br></div><div><br></div><div>To add your cert to Postfix, you'll need the key you generated (prior to the CSR you generated), and both the domain cert and CA cert you got from Godaddy. Here's how to use them in Postfix's "<font face="courier new, monospace"><b><a href="http://main.cf">main.cf</a></b></font>" file:</div>
<div><br></div><div><div><font face="courier new, monospace" color="#0000ff">smtp_use_tls = yes</font></div><div><font face="courier new, monospace" color="#0000ff">smtp_tls_note_starttls_offer = yes</font></div><div><font face="courier new, monospace"><font color="#38761d"># The two lines above allow us to ask for TLS on connecting to other servers.</font><br>
</font></div><div><font face="courier new, monospace" color="#0000ff">smtpd_use_tls = yes</font></div><div><font face="courier new, monospace" color="#0000ff">smtpd_tls_auth_only = no</font></div><div><div><font face="courier new, monospace" color="#38761d"># Use this to force TLS (problem is, then non-TLS sessions will be rejected)</font></div>
<div><font face="courier new, monospace" color="#38761d">#smtpd_tls_security_level = encrypt</font></div></div><div><font face="courier new, monospace" color="#0000ff">smtpd_tls_cert_file = /etc/postfix/ssl/yourdomain.com-cert.crt</font></div>
<div><font face="courier new, monospace" color="#0000ff">smtpd_tls_key_file = /etc/postfix/ssl/yourdomain.com.key</font></div><div><font face="courier new, monospace" color="#0000ff">smtpd_tls_CAfile = /etc/postfix/ssl/gd_bundle-g2-g1.crt</font></div>
<div><font face="courier new, monospace" color="#0000ff">smtpd_tls_loglevel = 3</font></div><div><font face="courier new, monospace" color="#0000ff">smtpd_tls_received_header = yes</font></div><div><font face="courier new, monospace" color="#0000ff">smtpd_tls_session_cache_timeout = 3600s</font></div>
<div><font face="courier new, monospace" color="#0000ff">tls_random_source = dev:/dev/urandom</font></div><div><font face="courier new, monospace" color="#0000ff">smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache</font></div>
<div><font face="courier new, monospace" color="#0000ff">smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache</font></div></div><div><div><font face="courier new, monospace" color="#38761d"># See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for</font></div>
<div><font face="courier new, monospace" color="#38761d"># information on enabling SSL in the smtp client.</font></div></div><div><br></div><div>Others can scrutinize this, but that's the gist of it.</div><div><br></div>
<div>cheers,</div><div>Godwin</div><div><br></div><div><br></div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Thu, May 8, 2014 at 2:16 PM, Patrick Goupell <span dir="ltr"><<a href="mailto:patrick@upmerchants.com" target="_blank">patrick@upmerchants.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class=""><br>
On 05/08/2014 01:41 PM, Dave Chiodo wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Did you generate a CSR on your server and submit it to godaddy?<br>
<br>
An SSL cert is basically a public key that's been signed by the cert authority - you should still have the "private" key somewhere (that you keep secure and accessible only by your server)<br>
<br>
I couldn't tell you anything about postfix directly (never used it, I'm an exim user), but you can always use openssl to handle it. It will accept the "SSL" connection from a client, and then relay it locally to the non-SSL service.<br>
<br>
<br>
</blockquote>
<br></div>
Yes, I sent the CSR to <a href="http://godaddy.com" target="_blank">godaddy.com</a>. I got back the 2 files as I said.<div class="HOEnZb"><div class="h5"><br>
<br>
-- <br>
Patrick Goupell<br>
<br>
Are you free? Find out at <a href="http://www.sedm.org/" target="_blank">http://www.sedm.org/</a><br>
Income taxes? Find out at <a href="http://www.whatistaxed.com" target="_blank">http://www.whatistaxed.com</a><br>
<br>
</div></div></blockquote></div><br><br clear="all"><div><br></div>-- <br><br>Ubber::Geek <br><a href="http://grlug.org/">http://grlug.org/</a>
</div>
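<div>An added example, not part of the original e-mail thread: shell checks to run before pointing Postfix at the three files discussed above, confirming that the private key belongs to the certificate, that the certificate verifies against the CA file, and that the key is readable only by its owner. The function names and the throwaway demo CA and file names are constructed for illustration.</div>

```shell
#!/bin/sh
# Added example (not from the original e-mail): pre-flight checks for the
# three files referenced by smtpd_tls_key_file / _cert_file / _CAfile.

# 0 if the private key ($1) and the certificate ($2) hold the same public key
key_matches_cert() {
    kpub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    cpub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ "$kpub" = "$cpub" ]
}

# 0 if the certificate ($2) verifies against the CA file ($1)
cert_chains_to() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# 0 if the key file ($1) has no group/other permission bits set
key_is_private() {
    case "$(ls -ld "$1")" in
        ????------*) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample input: throwaway CA, server key/CSR/cert, unrelated CA
make_demo_pki() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo CA" \
        -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null &&
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Other CA" \
        -keyout "$d/other.key" -out "$d/other.crt" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -subj "/CN=mail.example.test" \
        -keyout "$d/server.key" -out "$d/server.csr" 2>/dev/null &&
    openssl x509 -req -in "$d/server.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/server.crt" 2>/dev/null &&
    chmod 600 "$d/server.key"
}

dir=$(mktemp -d) && make_demo_pki "$dir" || exit 1
key_matches_cert "$dir/server.key" "$dir/server.crt" && echo "key matches cert"
key_matches_cert "$dir/other.key" "$dir/server.crt" || echo "mismatched key rejected"
cert_chains_to "$dir/ca.crt" "$dir/server.crt" && echo "cert chains to CA file"
cert_chains_to "$dir/other.crt" "$dir/server.crt" || echo "wrong CA file rejected"
key_is_private "$dir/server.key" && echo "key file is owner-only"
rm -rf "$dir"
```

<div>On the mail server itself, the same functions would be called with the paths from main.cf, for example key_matches_cert /etc/postfix/ssl/yourdomain.com.key /etc/postfix/ssl/yourdomain.com-cert.crt.</div>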