Enabling IMAPS (with ssl) for dovecot
Inspect Current Configuration
more certs/dovecot.pem # This is the one that people will need
more private/dovecot.pem # This is the private half : Don’t reveal
However, the certificate (as it stands) is set up for ‘example.com’, so installing it doesn’t help you access email securely on your server.
The certificate is defined via :
Create New Configuration
This needs to be updated with your information, in particular the server entry :
cp dovecot-openssl.cnf dovecot-openssl.cnf-orig # Create a back-up, just in case joe dovecot-openssl.cnf
Get rid of the old certificate pair :
rm /etc/pki/dovecot/certs/dovecot.pem rm /etc/pki/dovecot/private/dovecot.pem
Create the certificate pair :
Make sure that dovecot is expecting secure logins by ensuring
/etc/dovecot.conf has the line :
Now restart dovecot (just in case - you may not need this) :
Last Step - use the (public) certificate you created
Copy the contents of
/etc/pki/dovecot/certs/dovecot.pem into a file on the local (email client) machine, and import the certificate.
In Thunderbird, this is done via : Tools-Options-Advanced-Certificates-ViewCertificates-Authorities-Import and then pick out the file with the dovecot.pem contents in it. Then, the account server options should be set to ‘ssl’ (without secure authentication, though).