>It is a 'self-signed' certificate.
>
>If you believe that the certificate needs to be verifiable, you can pay a
commercial certificate provider, or you can use letsencrypt
>(https://letsencrypt.org) to sign a free certificate for you. There are
instructions for many mail servers including Postfix.
>
> Wietse
Thanks for you fast answer!
But i ready the self signed can also by signed, and to trust!?!?
root@mail:/etc/ssl/1# openssl ca -in csr.caloro.csr -out crt.caloro.crt
Using configuration from /usr/lib/ssl/openssl.cnf
Enter pass phrase for /etc/ssl/1/CaKey.pem:
Check that the request matches the signature
Signature ok
Certificate Details:
Serial Number: 2 (0x2)
Validity
Not Before: Jun 8 21:41:50 2020 GMT
Not After : Jun 6 21:41:50 2030 GMT
Subject:
countryName = CH
stateOrProvinceName = Luzern
organizationName = Caloro
organizationalUnitName = IT
commonName = nmail.caloro.ch
emailAddress = mauri...@caloro.ch
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Key Identifier:
53:7A:A8:44:48:1D:3D:17:21:02:D6:48:0E:8F:03:37:F3:D9:03:AA
X509v3 Authority Key Identifier:
keyid:DA:E7:04:AC:95:FC:59:C0:E5:3C:90:6A:EB:33:70:3E:18:0C:C4:86
Certificate is to be certified until Jun 6 21:41:50 2030 GMT (3650 days)
Sign the certificate? [y/n]:n
CERTIFICATE WILL NOT BE CERTIFIED
