When your issuance email arrives, it will contain three certificates: The webserver certificate, GTE root certificate, and a Comodo CA intermediate certificate. You will only need your server certificate and the Comodo CA intermediate certificate.
Copy the Comodo CA intermediate certificate (Comodo Class 3 Security Services CA) into a text editor and save as ca.txt (bundle file).
Copy your web server certificate into a text editor and save as yourdomain.crt.
- Locate and open the Postfix config file main.cf.
- Save yourdomain.crt to the same directory as the yourdomain.key file that was created with your original CSR. If you are importing an existing certificate, ensure you also import the yourdomain.key file.
- Save the ca_new.txt (bundle file) to the same directory as yourdomain.crt and yourdomain.crt.
- In the Postfix TLS settings section, ensure the following directories and file locations are present. You will need to add them if they are not present or if they are different:
smtpd_tls_cert_file = /some/path/yourdomain.crt smtpd_tls_key_file = /some/path/yourdomain.key smtpd_tls_CAfile = /some/path/ca.txt (bundle file)
Be sure your setup is similar to the following examples:
smtpd_use_tls = yes
smtpd_tls_auth_only = yes
smtpd_tls_session_cache_timeout = 3600s