Configuring SSL Certificates
This page is supplemental to the main article: Creating a Virtual Mail Server with Postfix, Dovecot and MySQL
We will now create and install a self-signed SSL certificate to support secure email.
The dovecot package installs a script for generating self-signed certs at /usr/doc/dovecot-2.2.13/mkcert.sh, which you may use if you prefer. The commands shown below do the same thing but save the certificate and key to a different path.
The following commands will generate a certificate good for one year. You may adjust the value after -days to make the certificate valid for a different period of time. We will use the paths used here in later steps, so please note if you change them.
mkdir -p /etc/ssl/localcerts
openssl req -new -x509 -sha256 -days 365 -nodes -out /etc/ssl/localcerts/dove.pem -keyout /etc/ssl/private/dove.key
chmod 600 /etc/ssl/localcerts/dove.pem
chmod 600 /etc/ssl/private/dove.key
To troubleshoot SSL-related problems, first make sure the certificates are in the correct locations and have the correct permissions set. Then verify that the applications using them are also configured with those same paths.
Both postfix and dovecot also include options to make SSL-related errors visible in their logs.
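The location and permission checks described above can be scripted. The following is an added example, not part of the original article. It also confirms that the key belongs to the certificate and that the certificate has not expired. The function names are this example's own, and it assumes GNU stat and the openssl command-line tool.

```shell
#!/bin/sh
# Added example; function names are this example's own.
# Assumes GNU stat (stat -c) and the openssl command-line tool.

# check_mode FILE MODE: succeed only if FILE exists with exactly octal MODE.
check_mode() {
    [ -f "$1" ] || { echo "missing: $1" >&2; return 1; }
    actual=$(stat -c '%a' "$1")
    [ "$actual" = "$2" ] || { echo "$1: mode $actual, expected $2" >&2; return 1; }
}

# pubkey_of cert|key FILE: print the PEM public key held in FILE.
pubkey_of() {
    case "$1" in
        cert) openssl x509 -in "$2" -noout -pubkey ;;
        key)  openssl pkey -in "$2" -pubout ;;
    esac 2>/dev/null
}

# check_cert_pair CERT KEY
# Returns 0 if usable, 1 if missing or wrong mode,
# 2 if unparsable or mismatched, 3 if the certificate has expired.
check_cert_pair() {
    cert=$1
    key=$2
    check_mode "$cert" 600 || return 1
    check_mode "$key" 600 || return 1
    # A certificate and key belong together only if they hold the same public key.
    cert_pub=$(pubkey_of cert "$cert") || { echo "cannot parse $cert" >&2; return 2; }
    key_pub=$(pubkey_of key "$key") || { echo "cannot parse $key" >&2; return 2; }
    [ "$cert_pub" = "$key_pub" ] || { echo "$key does not belong to $cert" >&2; return 2; }
    # -checkend 0 fails when the certificate's validity period is already over.
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null \
        || { echo "$cert has expired" >&2; return 3; }
}

# Run against the paths used on this page when called with two arguments, e.g.
#   sh check_cert.sh /etc/ssl/localcerts/dove.pem /etc/ssl/private/dove.key
if [ "$#" -eq 2 ]; then
    check_cert_pair "$1" "$2" && echo "OK: $1 and $2"
fi
```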
- Originally written by astrogeek