Where do you get your CA bundles (crt's) for postfix?
Every (major) Linux distribution comes with CA certificates from all major authorities that are usually trusted.
This is the default location for CentOS:
smtpd_tls_CAfile = /etc/ssl/certs/ca-bundle.crt
This should be used by default, so you shouldn't need this line unless you want to trust your own CA only.
The CA files are provided by the package ca-certificates
. If for some reason the CA bundles are not present you can install them using yum install ca-certificates
.