[Dovecot] Changing SSL certificates - switching from self-signed to RapidSSL

Charles Marcus CMarcus at Media-Brokers.com
Fri Apr 18 17:57:47 UTC 2014


Hi all,

Ok, been wanting to do this for a while, and I after the Heartbleed 
fiasco, the boss finally agreed to let me buy some real certs...

Until now, we've been using self-signed certs with the following dovecot 
config:

ssl = required
ssl_cert = </etc/ssl/ourCerts/imap.pem
ssl_key = </etc/ssl/ourCerts/imap_key.pem

Now, I've created new keys/certs and the CSR, got the new certs from 
RapidSSL (and also downloaded their Intermediate bundle), saved 
everything per their instructions, which say to reference them as follows:

ssl = required
ssl_cert_file = /etc/ssl/ourNewCerts/mail.ourdomain.com.crt
ssl_key_file = /etc/ssl/ourNewCerts/mail.ourdomain.com.key
ssl_ca_file = /etc/ssl/ourNewCerts/RapidSSL_Intermediate.crt

But my current config doesn't have the _file for the variable names, and 
the wiki doesn't use them, so I'm planning on setting these to:

ssl = required
ssl_cert = /etc/ssl/ourNewCerts/mail.ourdomain.com.crt
ssl_key = /etc/ssl/ourNewCerts/mail.ourdomain.com.key
ssl_ca = /etc/ssl/ourNewCerts/RapidSSL_Intermediate.crt

Anyone else ever used RapidSSL certs? Does this look correct?

Thanks,

Charles



More information about the dovecot mailing list