Normally, on a RHEL system, you just go into /user/share/ssl/certs/ and
RHEL = Red Hat Enterprise Linux?
type:
make whatever.pem
Go to /usr/local/share/doc/dovecot (on FreeBSD), edit the example dovecot-openssl.cnf for your needs and run mkcert.sh
To do it "by hand" you have to type e.g.: (one line, then without the "\")
openssl req -new -x509 -newkey rsa:1024 -nodes -keyout mykey.pem -out \
mycert.pem
Of course, this will ask you for some values for the DN as well and requires a working openssl.cnf (Use myimap.mydomain.dom for CN)
Then you fill out the various address fields, and you've got a cert.
However, when I rename/delete the existing dovecot.pem and generate a new one using this method, Dovecot won't start and I'm unable to connect to the box. The cert that it's currently using is called
Do you also use the newly generated private key?
"localhost.localdomain", and while that works, mail clients gripe every time about the domain name not matching the certificate.
So make it match. Set CN=Common Name (openssl might ask for "Your Name")
A
--
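
Both problems raised in this thread (Dovecot not starting after the certificate was replaced, and clients complaining about "localhost.localdomain") can be checked before the server is restarted. The script below is an added example, not part of the original messages: the function and file names are made up here, and it uses rsa:2048 and -subj (to set the CN without prompts) instead of the exact command quoted above.

```shell
#!/bin/sh
# Added example. File names are constructed; host names are the ones in the thread.

# make_cert HOST KEYFILE CERTFILE: self-signed certificate whose CN is HOST.
make_cert() {
    openssl req -new -x509 -newkey rsa:2048 -nodes -days 365 \
        -subj "/CN=$1" -keyout "$2" -out "$3" 2>/dev/null
}

# key_matches_cert KEYFILE CERTFILE: succeeds only if the certificate
# carries the public half of the given private key.
key_matches_cert() {
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    cert_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$key_pub" ] && [ "$key_pub" = "$cert_pub" ]
}

# cert_cn CERTFILE: print the subject CN (assumes no escaped commas in the DN).
cert_cn() {
    openssl x509 -in "$1" -noout -subject -nameopt RFC2253 |
        sed 's/^subject= *//' | tr ',' '\n' | sed -n 's/^CN=//p' | head -n 1
}

# check_pair HOST KEYFILE CERTFILE
# returns 0 if usable, 1 on key/cert mismatch, 2 on CN mismatch.
check_pair() {
    key_matches_cert "$2" "$3" ||
        { echo "private key does not belong to this certificate"; return 1; }
    [ "$(cert_cn "$3")" = "$1" ] ||
        { echo "CN is '$(cert_cn "$3")', clients connect to '$1'"; return 2; }
    echo "ok"
}

# Demo: a fresh pair, a new key beside the old certificate, and the old CN.
demo() {
    d=$(mktemp -d) || return 1
    make_cert myimap.mydomain.dom "$d/new.key" "$d/new.pem"
    make_cert localhost.localdomain "$d/old.key" "$d/old.pem"
    check_pair myimap.mydomain.dom "$d/new.key" "$d/new.pem"   # ok
    check_pair myimap.mydomain.dom "$d/new.key" "$d/old.pem"   # returns 1
    check_pair myimap.mydomain.dom "$d/old.key" "$d/old.pem"   # returns 2
    rm -rf "$d"
}
demo
```
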