Create a Self Signed Postfix Certificate

SSH: Self Sign Postfix

# copied from https://www.e-rave.nl/create-a-self-signed-ssl-key-for-postfix

openssl genrsa -des3 -out mail.domain.tld.key 2048
chmod 600 mail.domain.tld.key
openssl req -new -key mail.domain.tld.key -out mail.domain.tld.csr
openssl x509 -req -days 365 -in mail.domain.tld.csr -signkey mail.domain.tld.key -out mail.domain.tld.crt
openssl rsa -in mail.domain.tld.key -out mail.domain.tld.key.nopass
mv mail.domain.tld.key.nopass mail.domain.tld.key
openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650
chmod 600 mail.domain.tld.key
chmod 600 cakey.pem
mv mail.domain.tld.key /etc/ssl/private/
mv mail.domain.tld.crt /etc/ssl/certs/
mv cakey.pem /etc/ssl/private/
mv cacert.pem /etc/ssl/certs/
postconf -e 'smtpd_tls_auth_only = no'
postconf -e 'smtp_use_tls = yes'
postconf -e 'smtpd_use_tls = yes'
postconf -e 'smtp_tls_note_starttls_offer = yes'
postconf -e 'smtpd_tls_key_file = /etc/ssl/private/mail.domain.tld.key'
postconf -e 'smtpd_tls_cert_file = /etc/ssl/certs/mail.domain.tld.crt'
postconf -e 'smtpd_tls_CAfile = /etc/ssl/certs/cacert.pem'
postconf -e 'smtpd_tls_loglevel = 1'
postconf -e 'smtpd_tls_received_header = yes'
postconf -e 'smtpd_tls_session_cache_timeout = 3600s'
postconf -e 'tls_random_source = dev:/dev/urandom'
postconf -e 'myhostname = mail.example.com'

Team,

thanks for the above steps, following them I've created the local self-signed CA. But while trying to verify the external client's certificates against the created CA, I'm getting cacert.pem verification failed error. Does anyone know how to resolve the error and proceed further?

Below is the error.

openssl verify cacert.pem cert.pem chain.pem
C = xxxx, ST = xxxx, L = Default City, O = xxxxx
error 18 at 0 depth lookup: self signed certificate
error cacert.pem: verification failed
cert.pem: OK
chain.pem: OK

Thanks,
Krishna