Following article describes how to get StartSSL certificates working with Dovecot. First of all read how to get free ssl certificate from StartSSL and actually create certificates or you can read to create self-signed certificate and use self-signed certificates and use them here changed the steps accordignly.
First step as usual is to create all required files and set access rights accordingly.
$ wget http://www.startssl.com/certs/sub.class1.server.ca.pem -O sub.class1.server.ca.pem $ cat www_certificate.pem sub.class1.server.ca.pem > /etc/ssl/certs/dovecot.pem $ cat www_privatekey.pem > /etc/ssl/private/dovecot.pem $ chown root:ssl-cert /etc/ssl/private/dovecot.pem $ chmod 644 /etc/ssl/private/dovecot.pem $ chown root:root /etc/ssl/certs/dovecot.pem $ chmod 444 /etc/ssl/certs/dovecot.pem
The SSL portion of the Dovecot config should look something like this.
ssl_cert_file = /etc/ssl/certs/dovecot.pem ssl_key_file = /etc/ssl/private/dovecot.pem
$ wget http://www.startssl.com/certs/ca.pem -O /tmp/ca.pem $ openssl s_client -CAfile /tmp/ca.pem -connect mail.example.org:993