[Dovecot] SSL / TLS

Carlos Williams carloswill at gmail.com
Thu Jul 9 17:51:48 EEST 2009


On Tue, Jun 30, 2009 at 11:02 AM, Steffen
Kaiser<skdovecot at smail.inf.fh-brs.de> wrote:
> We do not use Verisign, so I don't know. However, OpenSSL uses PEM-format as
> does Apache. So I'd guess "Apache" is OK.
>
> Maybe you'll find info regarding PEM format on Verisign pages.

I am downloading my SSL certificate from Verisign.com right now.
Verisign advised me that I need to download the X.509 since I am using
a non-Microsoft platform for my SSL certificates. I downloaded the
certificate from the site and pasted it into a file, /etc/ssl/mail.crt.

I already had a mail.key file which is what I assume to be my private
key I sent to Verisign which they used to create the public key I just
pasted into mail.crt. Now I have mail.crt and mail.key files in my
ssl/ directory. My next question is applying them so Dovecot can use
them for TLS. When I edited my dovecot.conf file, I uncommented the
following with the values you see below:

> ssl_cert_file = /etc/ssl/mail.crt
> ssl_key_file = /etc/ssl/mail.key
> ssl_listen: 993
> ssl_key_password: *******************
> ssl_disable = no
> ssl_parameters_regenerate = 168

Now it works fine. I can open up my mail client (Mozilla Thunderbird)
and configure it to use TLS. Now I see a little "pad lock" icon near
my mail account to show it's using security settings.

My question, now that it appears to be working: did I configure this
properly for TLS? Users can still log into the IMAP server and get
their mail via plain text or with the SSL certificate. Did I set the
correct port for ssl_listen or is that for SSL only and not TLS?

Comments / Suggestions?
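
A pre-flight check for the two files named in ssl_cert_file and ssl_key_file, added here as an example and not part of the original post: it confirms that both parse as PEM, that the certificate carries the public key belonging to the private key, and that the key file is not readable by group or others. It needs the openssl command-line tool; the function names and the MAIL_KEY_PASS environment variable are assumptions made for this example.

```shell
#!/bin/sh
# Added example: checks for the certificate/key pair referenced in dovecot.conf.
# MAIL_KEY_PASS (assumed name) carries the key passphrase when the key is
# encrypted, so the passphrase never appears on a command line.

# Returns 0 if certificate ($1) and private key ($2) share the same public key,
# 1 if they do not, 2 if either file cannot be parsed as PEM (or the
# passphrase is missing or wrong).
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    if [ -n "${MAIL_KEY_PASS+set}" ]; then
        key_pub=$(openssl pkey -in "$2" -pubout \
                  -passin env:MAIL_KEY_PASS 2>/dev/null) || return 2
    else
        # Empty passphrase: unencrypted keys load, encrypted ones fail
        # instead of prompting.
        key_pub=$(openssl pkey -in "$2" -pubout -passin pass: 2>/dev/null) || return 2
    fi
    [ "$cert_pub" = "$key_pub" ]
}

# Returns 0 if the key file ($1) grants nothing to group or others
# (for example mode 0600 or 0400), 1 if it does, 2 if it cannot be listed.
key_is_private() {
    listing=$(ls -ld "$1" 2>/dev/null) || return 2
    # Characters 5-10 of the mode string are the group and other bits.
    case $(printf '%s' "$listing" | cut -c5-10) in
        ------) return 0 ;;
        *)      return 1 ;;
    esac
}

# Usage: sh check.sh /etc/ssl/mail.crt /etc/ssl/mail.key
if [ "$#" -eq 2 ]; then
    if cert_matches_key "$1" "$2"; then
        echo "OK: $1 was issued for the key in $2"
    else
        echo "FAIL: $1 and $2 do not match or are not PEM"
    fi
    key_is_private "$2" || echo "WARN: $2 is accessible to group or others"
fi
```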

