SSL Certificates with dovecot


Last Modified: Oct 27, 2016, 9:37 pm
DirectAdmin 1.51.0+ will have this ability natively built in, disabled by default:

By default, the /etc/dovecot/dovecot.conf will use the exim cert/key files:


so if you're wondering where to set your files, that's where.

Dovecot also supports per-IP certificates, in case you need multiple certificates with dovecot.
/etc/dovecot/dovecot.conf additions:

local_name {
     ssl_cert = </etc/ssl/certs/
     ssl_key = </etc/ssl/private/
}

local_name {
     ssl_cert = </etc/ssl/certs/
     ssl_key = </etc/ssl/private/
}

Adjust the values and paths as desired.  Make sure the crt and key files are readable by "mail".

Newer servers and newer mail clients might support SNI (don't count on it), in which case you can replace the IPs in the local_name values with the actual "" values, but the client should use that exact name for it to work.

Intermediate Certificates

If you have a CA Root certificate (ca bundle, chain, etc.) you can put it in:


and you'd need to either add:

ssl_ca = </etc/exim.cacert

to your /etc/dovecot/dovecot.conf.
You might need to lock the dovecot.conf with "chattr +i dovecot.conf" to prevent CustomBuild from altering it.


Alternatively, if you simply put your CA bundle in /etc/exim.cert, below the main certificate, dovecot can read this correctly.
For both exim and dovecot, doing it this way avoids any changes to the exim.conf and dovecot.conf (ssl.conf).
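A pre-reload check for the settings discussed above, as an added example (not DirectAdmin's or Dovecot's own code): it parses dovecot.conf text and flags ssl_cert/ssl_key/ssl_ca values that lack the '<' file prefix, local/local_name blocks that set a certificate without a key or are never closed, and key files with permission bits set for "other" users. The IP, hostname and per-site paths in the sample are constructed placeholders, and the permission rule is this example's assumption about how far "readable by mail" should extend.

```python
import os
import re

SETTING = re.compile(r"^(ssl_cert|ssl_key|ssl_ca)\s*=\s*(.*)$")
BLOCK = re.compile(r"^(?:local_name|local)\s+(.+?)\s*\{$")

def lint_dovecot_ssl(conf_text, check_files=True):
    """Return sorted (line_no, message) findings for the SSL settings in conf_text."""
    findings, stack = [], []  # stack items: (selector or None, opening line, settings seen)
    for no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments
        if line.endswith("{"):
            m = BLOCK.match(line)  # other blocks (e.g. protocol) get selector None
            stack.append((m.group(1) if m else None, no, set()))
        elif line == "}" and stack:
            selector, start, seen = stack.pop()
            if selector and ("ssl_cert" in seen) != ("ssl_key" in seen):
                findings.append((start, f"{selector}: ssl_cert and ssl_key must be set together"))
        elif (m := SETTING.match(line)):
            key, value = m.groups()
            for _, _, seen in stack:  # credit the setting to every enclosing block
                seen.add(key)
            if not value.startswith("<"):
                findings.append((no, f"{key}: no '<' prefix, value is not read from a file"))
                continue
            path = value[1:].strip()
            if check_files and not os.path.isfile(path):
                findings.append((no, f"{key}: {path} is missing"))
            elif check_files and key == "ssl_key" and os.stat(path).st_mode & 0o007:
                findings.append((no, f"ssl_key: {path} has permission bits set for 'other' users"))
    findings += [(start, "block is never closed") for _, start, _ in stack]
    return sorted(findings)

# Constructed sample: documentation IP and hostname, hypothetical per-site paths.
SAMPLE = """\
ssl_cert = </etc/exim.cert
ssl_key = /etc/exim.key
local 192.0.2.10 {
     ssl_cert = </etc/ssl/certs/192.0.2.10.crt
}
local_name mail.example.com {
     ssl_cert = </etc/ssl/certs/mail.example.com.crt
     ssl_key = </etc/ssl/private/mail.example.com.key
"""

if __name__ == "__main__":
    for no, msg in lint_dovecot_ssl(SAMPLE, check_files=False):
        print(f"line {no}: {msg}")
```

Run it against the real file with `lint_dovecot_ssl(open("/etc/dovecot/dovecot.conf").read())` before restarting dovecot; an empty list means none of these checks fired.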