next question: do I need the key to use the certificate or can I only use the certificate and leave the value of ssl_key_file empty? You certainly can't use the certificate without the key. And I guess dovecot needs ssl_key_file, unless it would be smart enough to figure it out for itself when you omit it. Either way, here is basically how it works. A certificate is not a secret, you in fact push it down to every connecting client. A certificate is something that identifies a server, and the private key is what makes it possible for you to demonstrate
On 06/13/2012 03:47 AM, oni-neko@gmx.net wrote: that you are the owner of the certificate. When a CA signs your certificate, you send them the public half of your key, and they make a certificate from it, and sign it, and that basically says: we were convinced that the entity that holds this key has a legitimate connection to this domain name. All that remains is for you to prove to the world that you are actually you = you are in possession of the private key. So, dovecot actually needs the key to do this mathematical magic every time a client connects.