{"description": "Create the PKI directory for mail certificates, if it does not already exist:\n$ sudo mkdir /etc/pki/tls/mail\n$ sudo chown root:root /etc/pki/tls/mail\n$ sudo chmod 755 /etc/pki/tls/mail
\nUsing removable media or some other secure transmission format, install the files generated in the previous\nstep onto the mail server:\n/etc/pki/tls/mail/serverkey.pem: the private key mailserverkey.pem\n/etc/pki/tls/mail/servercert.pem: the certificate file mailservercert.pem
\nVerify the ownership and permissions of these files:\n$ sudo chown root:root /etc/pki/tls/mail/serverkey.pem\n$ sudo chown root:root /etc/pki/tls/mail/servercert.pem\n$ sudo chmod 600 /etc/pki/tls/mail/serverkey.pem\n$ sudo chmod 644 /etc/pki/tls/mail/servercert.pem
\nVerify that the CA's public certificate file has been installed as /etc/pki/tls/CA/cacert.pem, and has the\ncorrect permissions:\n$ sudo chown root:root /etc/pki/tls/CA/cacert.pem\n$ sudo chmod 644 /etc/pki/tls/CA/cacert.pem
", "warnings": [], "requires": [], "conflicts": [], "values": {}, "groups": {}, "rules": {}, "platform": "", "platforms": [], "inherited_platforms": ["package[postfix]", "system_with_kernel"], "cpe_platform_names": [], "title": "Ensure Security of Postfix SSL Certificate", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/services/mail/postfix_harden_os/postfix_configure_ssl_certs/postfix_install_ssl_cert/group.yml"}