Which certificate is suitable for the mail server?

E

Eastar2017-08-17 16:00:02

postfix

Eastar, 2017-08-17 16:00:02

I received an SSL certificate for my domain from a registrar. Will it work for postfix and dovecot? Or should it be released for the mail.example.com subdomain? If it does, what will email clients say to my users when I replace the self-signed certificate with the registrar's certificate? Or will it go unnoticed by them?

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

A

akelsey, 2017-08-17
@East_Star

In fact, you can use any certificate, because. The decision to accept this certificate or not lies with the client server. It is logical to assume that the client (connecting) server expects in the SAN certificate to see the allowed hostname to which it connects, so if it connects to mail.example.com, it would be logical that this name be present in the certificate. But even if it is not there, it is still the decision to install TLS or not for the connected side.
But from the point of view of common sense, self-signed but with the correct Subject / SAN seems to me more preferable than even purchased, but not containing the hostname of the mail server.
But in any case, it's up to you.

A

agniko, 2017-09-19
@agniko

When using a certificate from the registrar, you need to be ready to renew it in a year, already for money. I am currently using a certificate from LetsenCrypt.