Installing a Trustwave SSL Certificate on Postfix SMTP Server

SSL Certificate installation for Postfix SMTP Server

» Go back and choose a different type of Server

» Finished installing? Check your SSL Certificate installation with HelpNow!

» SSL Certificate Purchasing Information for Postfix SMTP Server

» CSR generation instructions for Postfix SMTP Server

Preparing for the installation Preparing for the installation
To install your SSL certificate on a Postfix server, you will need three files. First, you will need the private key that was created when you made your CSR. Second, you will need the .cer file from the ZIP file that was e-mailed to you by Trustwave (this is your actual SSL certificate). Third, you will need the xroot.crt file from the ZIP file that was e-mailed by Trustwave.

If you have misplaced your xroot.crt file, you can download it here:

Download the Trustwave intermediate certificate bundle

Install your Trustwave SSL certificate Install your Trustwave SSL certificate
Now that you have all three files, place them in a directory accessible by Postfix. We recommend using /etc/postfix/. Some users may want to make a directory for SSL inside the /etc/postfix/ directory.
Configuring Postfix to use TLS Configuring Postfix to use TLS
Now that your certificates are on the filesystem, all that's left is a simple configuration change within your main.cf in the Postfix directory. Open the file with a suitable text editor - such as vi, nano, or pico - and add the following lines:

smtpd_use_tls = yes
# smtpd_tls_auth_only = yes <-- Optional
smtpd_tls_key_file = /etc/postfix/private.key
smtpd_tls_cert_file = /etc/postfix/www.yourdomain.com.cer
smtpd_tls_CAfile = /etc/postfix/xroot.crt
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom

You can uncomment the smtpd_tls_auth_only line if you want to force all clients to use TLS encryption. Please remember - any clients without TLS capabilities will be rejected when they attempt to connect. Also, if you have issues with your installation, increase the smtpd_tls_loglevel to 3 so that you can see additional debugging information in your system log.

Completing the installation Completing the installation
All that's left to do is reload Postfix's configuration. You can normally do this by running postfix reload.

» Check your SSL Certificate Installation with HelpNow!

Trustwave Technical Support Options
Toll-Free: 866-775-2378
Direct: +1-608-294-6940
E-Mail: sslsupport@trustwave.com
SSL Certificate Customers - Instant Support!
We invite our SSL Certificate Customers to use our new instant online troubleshooter, HelpNow, to diagnose SSL Certificate issues instantly.
Get HelpNow! »
Trustwave Support Tips:
If you are contacting us about your SSL certificate via e-mail, please provide us with your website's address and a detailed description of the issue. Screenshots may also help us resolve your problem quickly, so you are welcome to include those as well.
Trusted by Internet Explorer, Firefox, Netscape, Opera, AOL, Safari, Mozilla
Home Legal Information Privacy Policy Contact Us International
© Trustwave
Ph: 888-878-7817 (312-873-7500 outside U.S. or Canada) Fax: 312-443-8028 info@trustwave.com