On Tue, Jun 30, 2009 at 11:02 AM, Steffen Kaiser <skdovecot@smail.inf.fh-brs.de> wrote:
> We do not use Verisign, so I don't know. However, OpenSSL uses PEM format, as does Apache. So I'd guess "Apache" is OK.
> Maybe you can find info regarding the PEM format on Verisign's pages.
I am downloading my SSL certificate from Verisign.com right now. Verisign advised me that I need to download the X.509 since I am using a non-Microsoft platform for my SSL certificates. I downloaded the certificate from the site and pasted it into a file, /etc/ssl/mail.crt.
I already had a mail.key file, which is what I assume to be my private key I sent to Verisign, which they used to create the public key I just pasted into mail.crt. Now I have mail.crt and mail.key files in my ssl/ directory. My next question is applying them so Dovecot can use them for TLS. When I edited my dovecot.conf file, I uncommented the following with the values you see below:
ssl_cert_file = /etc/ssl/mail.crt
ssl_key_file = /etc/ssl/mail.key
ssl_listen: 993
ssl_key_password: *******************
ssl_disable = no
ssl_parameters_regenerate = 168
Now it works fine. I can open up my mail client (Mozilla Thunderbird) and configure it to use TLS. Now I see a little "padlock" icon near my mail account to show it's using security settings.
My question now, after it appears to be working: did I configure this properly for TLS? Users can still log into the IMAP server and get their mail via plain text or with the SSL certificate. Did I set the correct port for ssl_listen, or is that for SSL only and not TLS?
Comments / Suggestions?