Create New Cert for AntiSpam Server

[glen]

Generate new set from below and paste info to server's web console and then REBOOT for changes to take effect. If you use the renew method, you only need to copy the certificate and not the private key. The keys and certs are located at /etc/postfix/certs. Postfix uses the master.cf for settings.

1. openssl genrsa -out new.key
2. openssl req -new -key new.key -out new.csr
3. openssl x509 -req -days 3650 -in new.csr -signkey new.key -out new.cert

[glen]

Only do this method if you want new private key every time. Copy and Paste:

openssl req \
-x509 \
-newkey rsa:2048 \
-sha256 \
-days 3650 \
-nodes \
-keyout new.key \
-out new.crt \
-subj '/CN=spam.nguy.ca' \
-extensions san \
-config <( \
echo '[req]'; \
echo 'distinguished_name=req'; \
echo '[san]'; \
echo 'subjectAltName=DNS:localhost, DNS:*.nguy.ca, IP:192.168.10.5, IP:192.168.10.6, IP:192.168.10.7')


To verify:
openssl x509 -in new.crt -text -noout

[glen]

Renew certificate with existing private key:

Create CSR and Convert to CRT:
- openssl req -new -key scrollout.key -out new2024.csr <== run this first if "server-cert.cnf" file has been modifed
- openssl x509 -req -days 3650 -in new2024.csr -signkey scrollout.key -out new2024.crt -extensions req_ext -extfile server-cert.cnf <== renew with this line



Add the new certificate to your "Trusted Root Authorities | Certificates " sub folder and delete the old one.