SMTP Certificate Through GoDaddy

SMTP Certificate through GoDaddy:

Run command:

openssl req -new -newkey rsa:2048 -nodes -keyout domain.key -out domain.csr

Submit to GoDaddy domain.csr.

Download from GoDaddy zip file for OTHER server.

The zip file will contain 2 CRT files: something like gd_bundle***.crt and ******.crt

Rename gd_bundle***.crt to just gd_bundle.crt

Rename *****.crt to [domain name].crt

Run command:

cat [domain name].crt gd_bundle.crt > server.pem

Now copy the files to the proper directories:

cp -i domain.key /etc/ssl/private/

cp -i server.pem /etc/ssl/certs/

cp -i [domain name].crt /etc/ssl/certs/

Edit lines in /etc/postfix/main.cf accordingly:

smtpd_tls_CAfile = /etc/ssl/certs/[domain name].crt

smtpd_tls_cert_file = /etc/ssl/certs/server.pem

smtpd_tls_key_file = /etc/ssl/private/domain.key

Restart postfix and possibly saslauthd

To test expiration:

printf 'quit\n' | openssl s_client -connect $SERVERNAME:25 -starttls smtp | openssl x509 -enddate -noout

Replace $SERVERNAME with the server name.