Order of keys

Alex JOST jost+lists at dimejo.at
Wed Jun 10 13:04:52 UTC 2015

Am 10.06.2015 um 13:53 schrieb Steve Matzura:
> I hope I'm asking this on the right list, in the right place. I go
> through this every three years and for whatever reason keep forgetting
> to record how this works!
> In the Dovecot config, there are two places to define SSL
> certificates--ssl_cert_file and ssl_key_file. My question is this:
> Which two of the three files--the certifying authority, the signed
> certificate for the specific system, and the private certificate
> file--are combined to create the file that goes with ssl_cert_file?
> Since there are six possible permutations to answer this question
> (because order of files matters), which two go with ssl_crt_file and
> in what order? I have a private certificate file, the certifying
> authority's .CRT file, and the certifying authority's signed .PEM file
> which contains the system's certified certificate.
> Thanks in advance.

The private certificate is separate and defined by "ssl_key".

The signed certificate for your domain and the CA's intermediate 
certificate are combined in 1 file and defined by "ssl_cert". The signed 
certificate is placed at top and the intermediate certificate next.


More information about the dovecot mailing list