Enabling IMAPS (with ssl) for dovecot

October 5, 2008
Tags: , ,

Inspect Current Configuration

cd /etc/pki/dovecot/
more certs/dovecot.pem # This is the one that people will need
more private/dovecot.pem # This is the private half : Don’t reveal

However, the certificate (as it stands) is set up for ‘example.com’, so installing it doesn’t help you access email securely on your server.

The certificate is defined via :
more dovecot-openssl.cnf

Create New Configuration

This needs to be updated with your information, in particular the server entry :

cp dovecot-openssl.cnf dovecot-openssl.cnf-orig # Create a back-up, just in case
joe dovecot-openssl.cnf

Get rid of the old certificate pair :

rm /etc/pki/dovecot/certs/dovecot.pem
rm /etc/pki/dovecot/private/dovecot.pem

Create the certificate pair :

/usr/libexec/dovecot/mkcert.sh

Make sure that dovecot is expecting secure logins by ensuring

/etc/dovecot.conf

has the line :

protocols=imaps pop3s

Now restart dovecot (just in case – you may not need this) :

/etc/init.d/dovecot restart

Last Step – use the (public) certificate you created

Copy the contents of

/etc/pki/dovecot/certs/dovecot.pem

into a file on the local (email client) machine, and import the certificate.

In Thunderbird, this is done via : Tools-Options-Advanced-Certificates-ViewCertificates-Authorities-Import and then pick out the file with the dovecot.pem contents in it. Then, the account server options should be set to ’ssl’ (without secure authentication, though).

Comments are closed.