When your issuance email arrives you will have three certificates in the email - your webserver certificate the GTE root certificate and an intermediate certificate. (you will only require your server certificate and the intermediate certificate)
Copy the intermediate certificate (Class 3 Security Services CA)into a text editor such as notepad and save as ca.txt (bundle file).
Copy your web server certificate into a text editor such as notepad and save as yourdomain.crt.
1. Locate and open the Postfix config file main.cf.
2. Save yourdomain.crt to the same directory as the yourdomain.key file which would have been created when you originally created your CSR. If you are importing an existing certificate, ensure you also import the yourdomain.key file.
3. Save the ca_new.txt (bundle file) to the same directory as yourdomain.crt and yourdomain.crt.
4. In the the Postfix TLS settings section ensure the following directives and file locations are present. You will need to add them if they are not present or if they are different:
smtpd_tls_cert_file = /some/path/yourdomain.crt
smtpd_tls_key_file = /some/path/yourdomain.key
smtpd_tls_CAfile = /some/path/ca.txt (bundle file)
The following settings may be different per server, however ensure that your setup is similar to the below examples:
smtpd_use_tls = yes
smtpd_tls_auth_only = yes
smtpd_tls_session_cache_timeout = 3600s