Enabling IMAPS (with ssl) for dovecot

Sun, Oct 5, 2008 mdda OSS Blog Comments

Inspect Current Configuration

cd /etc/pki/dovecot/
more certs/dovecot.pem # This is the one that people will need
more private/dovecot.pem # This is the private half : Don’t reveal

However, the certificate (as it stands) is set up for ‘example.com’, so installing it doesn’t help you access email securely on your server.

The certificate is defined via :

more dovecot-openssl.cnf

Create New Configuration

This needs to be updated with your information, in particular the server entry :

cp dovecot-openssl.cnf dovecot-openssl.cnf-orig # Create a back-up, just in case  
joe dovecot-openssl.cnf   

Get rid of the old certificate pair :

rm /etc/pki/dovecot/certs/dovecot.pem   
rm /etc/pki/dovecot/private/dovecot.pem  

Create the certificate pair :

/usr/libexec/dovecot/mkcert.sh  

Make sure that dovecot is expecting secure logins by ensuring /etc/dovecot.conf has the line :

protocols=imaps pop3s  

Now restart dovecot (just in case - you may not need this) :

/etc/init.d/dovecot restart  

Last Step - use the (public) certificate you created

Copy the contents of /etc/pki/dovecot/certs/dovecot.pem into a file on the local (email client) machine, and import the certificate.

In Thunderbird, this is done via : Tools-Options-Advanced-Certificates-ViewCertificates-Authorities-Import and then pick out the file with the dovecot.pem contents in it. Then, the account server options should be set to ‘ssl’ (without secure authentication, though).
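
An added example, not part of the original post: shell functions that check the regenerated certificate before any client is told to trust it. They confirm that the certificate names your server rather than 'example.com', that it pairs with the private key, and that the file copied to the client has the same fingerprint the server presents on the IMAPS port. The hostname imap.example.org is a placeholder, the function names are made up for this example, and openssl is assumed to be installed.

```shell
#!/bin/sh
# Added example: sanity checks for a regenerated dovecot certificate.
# CERT and KEY default to the paths used on this page; override them if yours differ.
CERT=${CERT:-/etc/pki/dovecot/certs/dovecot.pem}
KEY=${KEY:-/etc/pki/dovecot/private/dovecot.pem}

# SHA-256 fingerprint of the PEM certificate in file $1 (colon-separated hex, no label).
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# Succeeds only if the certificate in file $1 is valid for hostname $2.
cert_matches_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match certificate'
}

# Succeeds only if certificate $1 and private key $2 carry the same public key.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey)
    key_pub=$(openssl pkey -in "$2" -pubout)
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Fingerprint of the certificate that host $1 presents on port 993 (needs network access).
served_fingerprint() {
    openssl s_client -connect "$1:993" -servername "$1" </dev/null 2>/dev/null |
        openssl x509 -noout -fingerprint -sha256 2>/dev/null | cut -d= -f2
}

# On the server, after mkcert.sh:  verify_server imap.example.org
verify_server() {
    cert_matches_host "$CERT" "$1" || { echo "certificate is not for $1" >&2; return 1; }
    cert_matches_key "$CERT" "$KEY" || { echo "certificate and key do not pair" >&2; return 1; }
    echo "OK, fingerprint: $(cert_fingerprint "$CERT")"
}

# On the client, before importing:  verify_copy ./dovecot.pem imap.example.org
verify_copy() {
    served=$(served_fingerprint "$2")
    [ -n "$served" ] && [ "$(cert_fingerprint "$1")" = "$served" ]
}
```

Source the file and call verify_server on the mail server, then verify_copy on the client machine; import the certificate only if both succeed.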

