Firstly when your issuance email arrives it will contain your web server certificate. Copy your web server certificate into a text editor such as notepad including the header and footer. You should then have a text file that looks like:
-----BEGIN CERTIFICATE-----
[encoded data]
-----END CERTIFICATE-----
Make sure you have 5 dashes to either side of the BEGIN CERTIFICATE and END CERTIFICATE and that no white space, extra line breaks or additional characters have been inadvertently added. Save the file as yourdomain.crt.
1. Locate and open the Postfix config file main.cf.
2. Save yourdomain.crt to the same directory as the yourdomain.key file which would have been created when you originally created your CSR. If you are importing an existing certificate, ensure you also import the yourdomain.key file.
3. In the the Postfix TLS settings section ensure the following directives and file locations are present. You will need to add them if they are not present or if they are different:
smtpd_tls_cert_file = /some/path/yourdomain.crt
smtpd_tls_key_file = /some/path/yourdomain.keyThe following settings may be different per server, however ensure that your setup is similar to the below examples:
smtpd_use_tls = yes
smtpd_tls_auth_only = yes
smtpd_tls_session_cache_timeout = 3600s
Test your certificate by using a browser to connect to your server. Use the https protocol directive (e.g. https://your server/) to indicate you wish to use secure HTTP. The padlock icon on your browser will be displayed in the locked position if your certificates are installed correctly and the server is properly configured for SSL.