Mail Server - Secure Connection - Creating the SSL Certificate

The previous article looked at saslauthd. Now, we need to concentrate on the certificate the connection will use when retrieving our mail.

This is completed using the same principles as when using a secure port (HTTPS) on a website. Let's start the process by creating a new SSL certificate.



Self signed

Note that we will be creating a self signed certificate which will produce a warning from your mail client (Mail, Thunderbird, Outlook, etc).

However, it will be fine if you are the only user of the mail server. You will need to purchase a valid certificate if other people or clients are using the mail server.


Let's go ahead and create the certificate.

We're going to place the certificate in the default certificate folder in Ubuntu Hardy: /etc/ssl/certs.

You can place it in the postfix folder if you prefer.

sudo make-ssl-cert /usr/share/ssl-cert/ssleay.cnf /etc/ssl/certs/mailcert.pem

You will be asked a series of questions regarding the details for the certificate.

I answered as follows:

Country Name - US
State or Province - Texas
Locality name - San Antonio
Organization Name - Organization
Organizational Unit Name - Mail
Hostname -
Email address -

Note that it is important the Hostname matches the mail server hostname. In this case it was


Now we have a self-signed certificate located here:


We will use these details when configuring Postfix to use it for our secure connections.


Using secure connections is an important part of running a mail server - creating a self-signed certificates is an easy process but it does produce a warning when used.

You will need to purchase a certificate if you are to host other people's mail or have other people access the mail server.

The next article looks at configuring Postfix to utilise our certificate for secure connections.

Previous Article
Next Article

© 2015 Rackspace US, Inc.

Except where otherwise noted, content on this site is licensed under a Creative Commons Attribution-NonCommercial-NoDerivs 3.0 Unported License

See license specifics and DISCLAIMER