[Dovecot] trying to configure dovecot

Noel Butler noel.butler at ausics.net
Mon Jul 15 10:58:39 EEST 2013


On Sun, 2013-07-14 at 21:38 -0700, Professa Dementia wrote:
> On 7/14/2013 9:03 PM, Gene Heskett wrote:

> > 
> > Guessing between the lines I made a few substitutions to localize it for 
> > me, but when I run the line to dump the configs, the output is very short 
> > because I do not have the *.pem files.
> > 
> > Where can a usable set of these ssl 'keyfiles' be obtained?
> 
> 
> $ openssl genrsa -out server.key 2048
> $ openssl req -sha256 -new -key server.key -out server.csr
> $ openssl x509 -req -days 3650 -in server.csr -signkey server.key -out server.crt
> $ cat server.key server.crt > server.pem
> 
> Run the four commands.  You will have a key file, certificate signing
> request file, a self signed cert and a pem file which is the


simplified:  (4 lines into 1)

openssl req -x509 -days 3650 -nodes -newkey rsa:4096 -keyout mail.pem -out mail.pem


> if you want real security, you need to have your cert signed by a real
> certificate authority (CA).


good idea, a self-signed cert is fine for playing around, however there
are some situations some clients might get upset at SSC's in production,
either way, if you want a free "real" certificate for your mail server
(inc webmail), have a look at the offerings from startssl.com


don't know if your linked site gave you any of this since I've just returned
from a break and catching up on some 1700 posts under my list a/c :)
(which most will be 'mark all as read'), but anyway

in this case use:
openssl req -new -newkey rsa:4096 -days 365 -nodes -keyout mail.key -out mail.csr

submit your csr file to startssl (or other provider), and get your
mail.crt file _and_ the class1/CA files (they should offer them to you
to d/l)

Typically, I keep the key separate and would use something like

cat mail.crt /etc/ssl/CA/sub.class1.server.ca.pem /etc/ssl/CA/ca.pem > dovecot.pem

and in dovecot:
ssl_cert_file = /etc/ssl/certs/dovecot.pem
ssl_key_file = /etc/ssl/certs/mail.key
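
Added example, not part of the original post: a check that the key matches the first certificate in the concatenated bundle and that the key file is not readable by group or other. The function names, the temp-dir sample files and the stand-in "CA" (a second self-signed cert that does not actually sign mail.crt) are constructed for illustration; openssl is assumed to be on PATH.

```shell
#!/bin/sh
# SHA-256 of the public key inside a private key file.
key_fp() {
    openssl pkey -in "$1" -pubout -outform DER 2>/dev/null | openssl sha256
}

# SHA-256 of the public key in the FIRST certificate of a PEM file.
# openssl x509 reads only the first cert in the file, so the server's
# own cert has to come before the CA certs, as in the cat command above.
cert_fp() {
    openssl x509 -in "$1" -noout -pubkey 2>/dev/null |
        openssl pkey -pubin -outform DER 2>/dev/null | openssl sha256
}

# check_pair BUNDLE KEY: returns 0 only if both files parse, the key has
# no group/other permission bits, and the key matches the first cert.
check_pair() {
    openssl x509 -in "$1" -noout 2>/dev/null || { echo "bad cert file" >&2; return 1; }
    openssl pkey -in "$2" -noout 2>/dev/null || { echo "bad key file" >&2; return 1; }
    perms=$(ls -ld "$2" | cut -c5-10)
    [ "$perms" = "------" ] || { echo "key readable by group/other" >&2; return 1; }
    [ "$(cert_fp "$1")" = "$(key_fp "$2")" ] ||
        { echo "key does not match first cert" >&2; return 1; }
}

# Constructed sample data: a self-signed server cert plus a stand-in CA
# cert, concatenated in the right order and in the wrong order.
make_sample() {
    d=$1
    openssl req -x509 -days 1 -nodes -newkey rsa:2048 -subj "/CN=mail.example.test" \
        -keyout "$d/mail.key" -out "$d/mail.crt" 2>/dev/null
    openssl req -x509 -days 1 -nodes -newkey rsa:2048 -subj "/CN=Constructed CA" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null
    chmod 600 "$d/mail.key" "$d/ca.key"
    cat "$d/mail.crt" "$d/ca.pem" > "$d/dovecot.pem"       # server cert first
    cat "$d/ca.pem" "$d/mail.crt" > "$d/wrong-order.pem"   # CA first
}

tmp=$(mktemp -d) && make_sample "$tmp"
check_pair "$tmp/dovecot.pem" "$tmp/mail.key" && echo "bundle and key OK"
check_pair "$tmp/wrong-order.pem" "$tmp/mail.key" 2>/dev/null || echo "wrong order rejected"
rm -rf "$tmp"
```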
