The previous article looked at saslauthd. Now we need to concentrate on the certificate the connection will use when retrieving our mail.
This is completed using the same principles as when using a secure port (HTTPS) on a website. Let's start the process by creating a new SSL certificate.
Note that we will be creating a self signed certificate which will produce a warning from your mail client (Mail, Thunderbird, Outlook, etc).
However, it will be fine if you are the only user of the mail server. You will need to purchase a valid certificate if other people or clients are using the mail server.
Let's go ahead and create the certificate.
We're going to place the certificate in the default certificate folder in Ubuntu Hardy: /etc/ssl/certs.
You can place it in the postfix folder if you prefer.
sudo make-ssl-cert /usr/share/ssl-cert/ssleay.cnf /etc/ssl/certs/mailcert.pem
You will be asked a series of questions regarding the details for the certificate.
I answered as follows:
Country Name - GB State or Province - Nottinghamshire Locality name - Nottingham Organisation Name - PickledOnion Ltd Organisational Unit Name - Mail Hostname - mail.demoslice.com Email address - email@example.com
Note is is important the Hostname matches the mail server hostname. In this case it was mail.demoslice.com.
Now we have a self-signed certificate located here:
We will use these details when configuring Postfix to use it for our secure connections.
Using secure connections is an important part of running a mail server - creating a self-signed certificates is an easy process but it does produce a warning when used.
You will need to purchase a certificate if you are to host other people's mail or have other people access the mail server.
The next article looks at configuring Postfix to utilise our certificate for secure connections.