SSL how to: install ssl on Dovecot IMAP serer

Following article describes how to get StartSSL certificates working with Dovecot. First of all read how to get free ssl certificate from StartSSL and actually create certificates or you can read to create self-signed certificate and use self-signed certificates and use them here changed the steps accordignly.

First step as usual is to create all required files and set access rights accordingly.

$ wget http://www.startssl.com/certs/sub.class1.server.ca.pem -O sub.class1.server.ca.pem
$ cat www_certificate.pem sub.class1.server.ca.pem > /etc/ssl/certs/dovecot.pem
$ cat www_privatekey.pem > /etc/ssl/private/dovecot.pem
$ chown root:ssl-cert /etc/ssl/private/dovecot.pem
$ chmod 644 /etc/ssl/private/dovecot.pem
$ chown root:root /etc/ssl/certs/dovecot.pem
$ chmod 444 /etc/ssl/certs/dovecot.pem

The SSL portion of the Dovecot config should look something like this.

ssl_cert_file = /etc/ssl/certs/dovecot.pem
ssl_key_file = /etc/ssl/private/dovecot.pem

Test imaps

$ wget http://www.startssl.com/certs/ca.pem -O /tmp/ca.pem
$ openssl s_client -CAfile /tmp/ca.pem -connect mail.example.org:993
Posted by:
Enjoyed this post? Share and Leave a comment below, thanks! :)