Per-IP ssl certificates for dovecot



Last Modified: Jun 23, 2015, 1:51 am
For now, this guide collects useful information on dovecot's ability to use multiple SSL certificates (one per IP).  Testing has not been done and automation has not yet been implemented, but this information should be useful when we do decide to implement it.

1) In the main dovecot.conf, add a line that includes many files that may or may not exist:

!include_try /etc/dovecot/certs/*.conf

It would be added around the ssl_cert/ssl_key lines in dovecot.conf.

2) Create the /etc/dovecot/certs folder, and in it, create a file called 1.2.3.4.conf (where 1.2.3.4 would be replaced by the IP in question).  In that file, add the code:

local 1.2.3.4 {
    ssl_cert = </usr/local/directadmin/data/users/username/domains/domain.com.cert
    ssl_key = </usr/local/directadmin/data/users/username/domains/domain.com.key
    ssl_ca = </usr/local/directadmin/data/users/username/domains/domain.com.cacert
}

where the ssl_ca line would only be added if the domain.com.cacert file exists.
Repeat for each IP that needs its own SSL certificate.

I'm assuming that dovecot should have root privilege when reading in the config, to avoid issues with it running as "mail", and not being able to read the cert/key pairs from the directadmin directory. (would need to be tested)
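
The two steps above could be automated along these lines. This is an added example, not DirectAdmin's own code: the function names render_local_block and write_local_conf and the DA_USERS variable are hypothetical, and only IPv4 addresses are handled.

```sh
#!/bin/sh
# Added example: generate /etc/dovecot/certs/<ip>.conf as laid out in the guide.
# DA_USERS is overridable only so the functions can be exercised in a scratch dir.
DA_USERS="${DA_USERS:-/usr/local/directadmin/data/users}"

# render_local_block IP USER DOMAIN
# Prints the "local" block. Returns 1 on unsafe input, 2 if cert or key is missing.
render_local_block() {
    ip=$1; user=$2; domain=$3
    # Allow only digits and dots in the IP (IPv4 only here) and plain names for
    # user/domain, so a value cannot add config syntax or path components.
    case $ip in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    case $user in ''|*[!a-zA-Z0-9_-]*) return 1 ;; esac
    case $domain in ''|*[!a-zA-Z0-9.-]*|.*|*..*) return 1 ;; esac
    base="$DA_USERS/$user/domains/$domain"
    # Refuse to write a block that would point Dovecot at a missing cert or key.
    [ -r "$base.cert" ] && [ -r "$base.key" ] || return 2
    printf 'local %s {\n' "$ip"
    printf '    ssl_cert = <%s.cert\n' "$base"
    printf '    ssl_key = <%s.key\n' "$base"
    # Step 2 of the guide: ssl_ca only when the .cacert file exists.
    [ ! -f "$base.cacert" ] || printf '    ssl_ca = <%s.cacert\n' "$base"
    printf '}\n'
}

# write_local_conf IP USER DOMAIN [CERTS_DIR]
# Renders to a temp file first, so a failed run never leaves a partial <ip>.conf.
write_local_conf() {
    dir=${4:-/etc/dovecot/certs}
    tmp=$(mktemp "$dir/.tmp.XXXXXX") || return 3
    if render_local_block "$1" "$2" "$3" > "$tmp"; then
        # The file holds only paths, no key material, so 644 is sufficient.
        chmod 644 "$tmp" && mv "$tmp" "$dir/$1.conf"
    else
        rc=$?; rm -f "$tmp"; return "$rc"
    fi
}

# Run as: sh this-script IP USER DOMAIN [CERTS_DIR]
[ "$#" -lt 3 ] || write_local_conf "$@"
```

After writing the files, running doveconf -n confirms that the combined configuration parses before dovecot is reloaded.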

© 2018 JBMC Software, Suite 173  3-11 Bellerose Drive, St Albert, AB  T8N 1P7  Canada.  Mon-Fri 9AM-5PM MST