[BlueOnyx:13346] Re: SSL certificate for email

Dogsbody dan at dogsbody.org
Mon Jul 15 16:35:14 -05 2013


On 15/07/2013 18:41, Chris Gebhardt - VIRTBIZ Internet wrote:
> The SSL is installed already on the website and works fine.  Is there a
> procedure to also use that certificate for email services?   Or is there
> a procedure to install a signed cert for email?

I do this for my servers and there are a few gotchas but it kinda 
depends what you want to do....

BlueOnyx 5108R will actually do all of this for you if you add a cert to 
the server via the GUI (Server Management, Security, SSL).  This cert 
will then be used by sendmail and dovecot although you do sometimes need 
to restart sendmail and dovecot to get it to reload the config.

Sendmail will talk SSL on all ports (with some exceptions); however, IMAP 
and POP3 will only talk SSL on their respective SSL ports (993 & 995).

As Richard mentions, different clients then deal with the different 
servernames in different ways, some work, some don't.  If you can use a 
wildcard cert on the same domain as the server hostname then great.

The last gotcha is Cert Authorities.  Adding a CA to the GUI will update 
Apache and sendmail but not dovecot.  The mail I sent the list last 
month fixes that [BlueOnyx:13228] and hopefully Michael can add it in 
future releases.

cp /etc/admserv/certs/ca-certs /etc/pki/dovecot/certs/ca.pem
vi /etc/dovecot/conf.d/10-ssl.conf
      # add the following line
      ssl_ca = </etc/pki/dovecot/certs/ca.pem
service dovecot restart

I hope this helps.

Dan

-- 
Find me online : http://www.dogsbody.info/
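
The manual steps in the message above, written as an idempotent script. This is an added example, not part of the original post or of BlueOnyx; the default paths are the ones given in the post, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: repeatable form of the copy / edit / restart steps.
# Default paths come from the post; override via environment for testing.
CA_SRC=${CA_SRC:-/etc/admserv/certs/ca-certs}
CA_DST=${CA_DST:-/etc/pki/dovecot/certs/ca.pem}
SSL_CONF=${SSL_CONF:-/etc/dovecot/conf.d/10-ssl.conf}

# Copy the CA bundle only if it contains a PEM certificate and differs
# from the current copy. Prints "changed" or "unchanged"; non-zero on error.
install_ca_bundle() {
    src=$1; dst=$2
    grep -q -e '-----BEGIN CERTIFICATE-----' "$src" 2>/dev/null ||
        { echo "no PEM certificate in $src" >&2; return 2; }
    if cmp -s "$src" "$dst" 2>/dev/null; then echo unchanged; return 0; fi
    cp "$src" "$dst" && chmod 644 "$dst" || return 2
    echo changed
}

# Leave exactly one active "ssl_ca = <CA" line in CONF.
# Commented-out ssl_ca lines are kept; stale active ones are replaced.
ensure_ssl_ca() {
    conf=$1; want="ssl_ca = <$2"; pat='^[[:space:]]*ssl_ca[[:space:]]*='
    [ -f "$conf" ] || { echo "missing $conf" >&2; return 2; }
    active=$(grep -E "$pat" "$conf" || true)
    if [ "$active" = "$want" ]; then echo unchanged; return 0; fi
    tmp=$(mktemp) || return 2
    { grep -vE "$pat" "$conf" || true; printf '%s\n' "$want"; } > "$tmp"
    cat "$tmp" > "$conf"   # overwrite in place so owner and mode are kept
    rm -f "$tmp"
    echo changed
}

# Run both steps; restart dovecot only when something actually changed.
sync_dovecot_ca() {
    a=$(install_ca_bundle "$CA_SRC" "$CA_DST") || return 1
    b=$(ensure_ssl_ca "$SSL_CONF" "$CA_DST") || return 1
    if [ "$a" = changed ] || [ "$b" = changed ]; then
        service dovecot restart
    fi
}

# Nothing runs unless asked: "sh script.sh --apply" as root.
if [ "${1:-}" = "--apply" ]; then sync_dovecot_ca; fi
```

Re-running it after adding another CA in the GUI picks up the new bundle and restarts dovecot only if the copy or the config line changed.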
