[Dovecot] question about changing certificate
Gedalya
gedalya at gedalya.net
Wed Jun 13 13:14:51 EEST 2012
On 06/13/2012 03:47 AM, oni-neko at gmx.net wrote:
> next question: do I need the key to use the certificate or can I only use the certificate and leave the value of ssl_key_file empty?

You certainly can't use the certificate without the key. And I guess
dovecot needs ssl_key_file, unless it would be smart enough to figure it
out for itself when you omit it. Either way, here is basically how it
works. A certificate is not a secret, you in fact push it down to every
connecting client. A certificate is something that identifies a server,
and the private key is what makes it possible for you to demonstrate
that you are the owner of the certificate.

When a CA signs your certificate, you send them the public half of your
key, and they make a certificate from it, and sign it, and that
basically says: we were convinced that the entity that holds this key
has a legitimate connection to this domain name. All that remains is for
you to prove to the world that you are actually you = you are in
possession of the private key. So, dovecot actually needs the key to do
this mathematical magic every time a client connects.