regarding ssl certificates
Guido Goluke, MajorLabel
info at majorlabel.nl
Thu Mar 14 13:13:15 EET 2019
Op 14-03-19 om 11:46 schreef mick crane via dovecot:
> Excuse dopey question.
> I'm not exactly clear about certificates.
> Apache2 default install has this snake oil certificate
> Can make a new one for apache
> Can make one for dovecot
> Can make one for ssl
> Is there supposed to be the one (self signed ) certificate pair in one
> place for the machine that each process hands out ?
> Can they be moved to another machine ?
>
> mick
>
Apache, dovecot and Postfix can all use the same certificate, you do
need to configure each one to the location of the certificate though.
SSL is something else: apache, dovecot, postfix are all
services/programs. SSL is a protocol/way of encryption. Self-signed
means there is no Certificate Authority backing the legitimacy. Getting
a Let's Encrypt certificate (I recommend certbot) will get you a
legitime certificate, but only for the hostname (e.g.
web01.yourdomain.com) you provide it. This must be traceable to your
machine through DNS, so moving it to another machine would only work if
that machine would completely replace the old machine (domain name) and
the DNS is changed to point to your new IP address (or the old machine
gets taken out of 'the air' and the new machine gets the old one's IP
address).
Best.
MajorLabel
More information about the dovecot
mailing list