说明:当前在centos 6.x环境下:
cd /etc/pki/tls/misc
./CA -newca
..... 生成根证书
openssl req -new -nodes -keyout mailkey.pem -out mailreg.pem -days 365
......生成一个SMTP服务器用的证书请求
rm -f /etc/pki/CA/index.txt
touch /etc/pki/CA/index.txt
openssl ca -out mail_signed_cert.pem -infiles mailreg.pem
......用mailreg.pem签发SMTP服务器用证书
mkdir -p /etc/postfix/tls
cp /etc/pki/CA/cacert.pem /etc/postfix/tls/
cp mail_signed_cert.pem /etc/postfix/tls/
cp mailkey.pem /etc/postfix/tls/
编辑/etc/postfix/main.cf,增加/修改配置:
smtp_tls_CApath = /etc/ssl/certs
smtpd_use_tls = yes
smtpd_tls_ask_ccert = yes
smtpd_tls_key_file = /etc/postfix/tls/mailkey.pem
smtpd_tls_cert_file = /etc/postfix/tls/mail_signed_cert.pem
smtpd_tls_CAfile = /etc/postfix/tls/cacert.pem
smtp_use_tls = yes
smtp_tls_key_file = /etc/postfix/tls/mailkey.pem
smtp_tls_cert_file = /etc/postfix/tls/mail_signed_cert.pem
smtp_tls_CAfile = /etc/postfix/tls/cacert.pem
smtp_tls_security_level = may