Postfix and multiple SSL certificates

If you ever wanted to use your Postfix with multiple SSL certificates for different domains, here is how.

List of requirements

  • separate IP for each SSL certificate
  • different domains you will use for your mail (say, example.com and example2.com)
  • separate SSL certificate for each domain


The change will involve:

  • modifying /etc/postfix/main.cf
  • modifying /etc/postfix/master.cf

Modifying /etc/postfix/main.cf

Comment out smtpd_tls_key_file and smtpd_tls_cert_file directives. smtpd_tls_CAfile can stay, if the certificates you’re using are from the same SSL vendor.

Modifying /etc/postfix/master.cf

Where you previously had Postfix master listening on all interfaces (for smtp/25, smtps/465, submission/587), and thus, using one SSL certificate (the one defined in /etc/postfix/main.cf):

You should now modify it to use different IP addresses and different SSL certificates – for example, for mail.example.com and mail.example2.com:

That’s it! Restart Postfix, and you should be done.

For information on how to set up Cyrus to use multiple certificates, see this article.