The previous article looked at saslauthd. Now, we need to concentrate on the certificate the connection will use when retrieving our mail.

This is completed using the same principles as when using a secure port (HTTPS) on a website. Let's start the process by creating a new SSL certificate.

Self signed

Note that we will be creating a self signed certificate which will produce a warning from your mail client (Mail, Thunderbird, Outlook, etc).

However, it will be fine if you are the only user of the mail server. You will need to purchase a valid certificate if other people or clients are using the mail server.

Creation

Let's go ahead and create the certificate.

We're going to place the certificate in the default certificate folder in Ubuntu Hardy: /etc/ssl/certs.

You can place it in the postfix folder if you prefer.

sudo make-ssl-cert /usr/share/ssl-cert/ssleay.cnf /etc/ssl/certs/mailcert.pem

You will be asked a series of questions regarding the details for the certificate.

I answered as follows:

Country Name - US
 
State or Province - Texas
 
Locality name - San Antonio
 
Organization Name - Organization
 
Organizational Unit Name - Mail
 
Hostname - mail.democloudserver.com
 
Email address - admin@democloudserver.com

Note that it is important the Hostname matches the mail server hostname. In this case it was mail.democloudserver.com.

Certificate

Now we have a self-signed certificate located here:

/etc/ssl/certs/mailcert.pem

We will use these details when configuring Postfix to use it for our secure connections.

Summary

Using secure connections is an important part of running a mail server - creating a self-signed certificates is an easy process but it does produce a warning when used.

You will need to purchase a certificate if you are to host other people's mail or have other people access the mail server.

The next article looks at configuring Postfix to utilise our certificate for secure connections.

Previous Article
Next Article