[Dovecot] Enabling security on POP3 and IMAP
Josep L. Guallar-Esteve
guallar at easternrad.com
Thu Sep 24 18:59:02 EEST 2009
Hello Richard,
Maybe the included .pem files are bad (expire, pointing to wrong server name
or whatnot)
I'd generate new .pem files.
dovecot documentation points to mkcert.sh script. With this script you can
generate your own certificate, after filling in the OpenSSL config file used
by mkcert.sh.
On my system, the script is located at
/usr/libexec/dovecot/mkcert.sh
and the configuration file is at:
/etc/pki/dovecot/dovecot-openssl.cnf
With the key and certificate generated this script, dovecot is happy to work
with ssl (imaps i my case)
Hope this helps,
Josep
On Thursday 24 September 2009 11:39:59 am Richard Hobbs wrote:
> Hello,
>
> Thanks again for your response...
>
> However, upon closer inspection, it seems that both
> "/etc/ssl/certs/dovecot.pem" and "/etc/ssl/private/dovecot.pem" already
> exist!
>
> I'm running Debian Lenny 5.0 btw - does anyone know if these keys were
> simply part of the dovecot package, or whether they have been generated
> during the installation process and are therefore unique?
>
> If they are unique, then I don't need to generate my own, perhaps?
>
> Thanks again,
> Richard.
>
> Christian Schmidt wrote:
> > Hello Richard,
> >
> > Richard Hobbs, 10.09.2009 (d.m.y):
> >> Thanks for the advice - how do i generate ssl cert files and ssl key
> >> files?
> >
> > Just use OpenSSL.
> > There's a short description of what to do on
> > <http://www.apache-ssl.org> - or in any other OpenSSL Howto...
> >
> > Gruss/Regards,
> > Christian Schmidt
--
Josep L. Guallar-Esteve - IT Department
This transmission is intended for the use of the entity or individual to which
or whom it is addressed. The transmission or any documents accompanying the
transmission may contain confidential information. If you are not the intended
recipient, you are hereby notified that any disclosure, copying, distribution,
or action taken in reliance on the contents of the transmission or the
documents is strictly prohibited. If you have received this confidential
transmission in error, please destroy it and any accompanying documents and
notify the sender immediately. Thank you.
More information about the dovecot
mailing list