regarding ssl certificates

Guido Goluke, MajorLabel info at majorlabel.nl
Thu Mar 14 13:13:15 EET 2019


Op 14-03-19 om 11:46 schreef mick crane via dovecot:
> Excuse dopey question.
> I'm not exactly clear about certificates.
> Apache2 default install has this snake oil certificate
> Can make a new one for apache
> Can make one for dovecot
> Can make one for ssl
> Is there supposed to be the one (self signed ) certificate pair in one 
> place for the machine that each process hands out ?
> Can they be moved to another machine ?
>
> mick
>

Apache, dovecot and Postfix can all use the same certificate, you do 
need to configure each one to the location of the certificate though. 
SSL is something else: apache, dovecot, postfix are all 
services/programs. SSL is a protocol/way of encryption. Self-signed 
means there is no Certificate Authority backing the legitimacy. Getting 
a Let's Encrypt certificate (I recommend certbot) will get you a 
legitime certificate, but only for the hostname (e.g. 
web01.yourdomain.com) you provide it. This must be traceable to your 
machine through DNS, so moving it to another machine would only work if 
that machine would completely replace the old machine (domain name) and 
the DNS is changed to point to your new IP address (or the old machine 
gets taken out of 'the air' and the new machine gets the old one's IP 
address).

Best.

MajorLabel



More information about the dovecot mailing list