Loading ...
Sorry, an error occurred while loading the content.
 

Using same SSL cert for HTTPS and TLS?

Expand Messages
  • Steve Jenkins
    I m currently using a self-signed cert for TLS in Postfix, but I have a standard SSL cert from GoDaddy for my personal web domain. Is it possible to use the
    Message 1 of 2 , Aug 2, 2011
      I'm currently using a self-signed cert for TLS in Postfix, but I have
      a standard SSL cert from GoDaddy for my personal web domain. Is it
      possible to use the same cert for both? Would I have to change
      'myhostname=' in Postfix to simply be domain.tld (since I don't have a
      wildcard cert)? Any other changes I'd need to make (apart from
      pointing smtpd_tls_key_file and smtpd_tls_cert_file to the new key and
      cert)?

      Thanks,

      SteveJ
    • Noel Jones
      ... Yes, it s possible to use the same cert. No need to change hostnames in postfix, just point the _key_file and _cert_file to the right place. HOWEVER,
      Message 2 of 2 , Aug 2, 2011
        On 8/2/2011 5:53 PM, Steve Jenkins wrote:
        > I'm currently using a self-signed cert for TLS in Postfix, but I have
        > a standard SSL cert from GoDaddy for my personal web domain. Is it
        > possible to use the same cert for both? Would I have to change
        > 'myhostname=' in Postfix to simply be domain.tld (since I don't have a
        > wildcard cert)? Any other changes I'd need to make (apart from
        > pointing smtpd_tls_key_file and smtpd_tls_cert_file to the new key and
        > cert)?
        >
        > Thanks,
        >
        > SteveJ


        Yes, it's possible to use the same cert. No need to change
        hostnames in postfix, just point the _key_file and _cert_file to the
        right place.

        HOWEVER, there's not really much advantage in using a "real"
        certificate for opportunistic SMTP TLS, since the certificate is not
        verified anyway.

        A real certificate can be useful if end users are connecting
        directly to the server to submit mail via TLS/SASL, otherwise don't
        bother.



        -- Noel Jones
      Your message has been successfully submitted and would be delivered to recipients shortly.