>It is a 'self-signed' certificate. > >If you believe that the certificate needs to be verifiable, you can pay a commercial certificate provider, or you can use letsencrypt >(https://letsencrypt.org) to sign a free certificate for you. There are instructions for many mail servers including Postfix. > > Wietse
Thanks for you fast answer! But i ready the self signed can also by signed, and to trust!?!? root@mail:/etc/ssl/1# openssl ca -in csr.caloro.csr -out crt.caloro.crt Using configuration from /usr/lib/ssl/openssl.cnf Enter pass phrase for /etc/ssl/1/CaKey.pem: Check that the request matches the signature Signature ok Certificate Details: Serial Number: 2 (0x2) Validity Not Before: Jun 8 21:41:50 2020 GMT Not After : Jun 6 21:41:50 2030 GMT Subject: countryName = CH stateOrProvinceName = Luzern organizationName = Caloro organizationalUnitName = IT commonName = nmail.caloro.ch emailAddress = mauri...@caloro.ch X509v3 extensions: X509v3 Basic Constraints: CA:FALSE Netscape Comment: OpenSSL Generated Certificate X509v3 Subject Key Identifier: 53:7A:A8:44:48:1D:3D:17:21:02:D6:48:0E:8F:03:37:F3:D9:03:AA X509v3 Authority Key Identifier: keyid:DA:E7:04:AC:95:FC:59:C0:E5:3C:90:6A:EB:33:70:3E:18:0C:C4:86 Certificate is to be certified until Jun 6 21:41:50 2030 GMT (3650 days) Sign the certificate? [y/n]:n CERTIFICATE WILL NOT BE CERTIFIED