In the past, I used the command genkey --days 365 mail.example.com as seen here http://wiki.centos.org/HowTos/postfix_sasl#head-cbb533b46d6bb25ca84e0a62c9c653eb5788c4ed to generate the TLS certificates. However upon reading actual postfix documentation here http://www.postfix.org/TLS_README.html it says that both the certificate and private key need to be in PEM format. Are they referring to the structure/way the file is written or that the file has to be .pem ? If the latter, what command would I use to generate these?
The Postfix documentation has commands that you can put to generate the necessary keys but it is stored in /etc/postfix. The key has only read and write by root as it should but shouldnt these keys be stored in /etc/pki/tls/certs or /etc/pki/tls/private or is the default location fine?
Thank You!
[link][17 comments]