Configuring SSL Certificates

This page is supplemental to main article: Creating a Virtual Mail Server with Postfix, Dovecot and MySQL

We will now create and install a self-signed SSL certificate to support secure email.

The self-signed certificates we will generate here encrypt the connection just as well as a certificate signed by a Certificate Authority, or CA. However, because no CA vouches for them, users will receive a notice and be asked to grant an exception for the self-signed certificates. If this is important to your use case, simply obtain and substitute your own CA-signed certificates to the same locations used here.

The dovecot package installs a script for generating self-signed certs at /usr/doc/dovecot-2.2.13/mkcert.sh, which you may use if you prefer. The commands shown below do the same thing but save the certificate and key to a different path.

The following commands will generate a certificate good for one year. You may adjust the value after -days to make the certificate valid for a different period of time. The -nodes option writes the private key without a passphrase, which is why the restrictive file permissions set below matter. Later steps refer to the paths used here, so take note if you change them.

mkdir -p /etc/ssl/localcerts

openssl req -new -x509 -sha256 -days 365 -nodes -out /etc/ssl/localcerts/dove.pem -keyout /etc/ssl/private/dove.key

chmod 600 /etc/ssl/localcerts/dove.pem
chmod 600 /etc/ssl/private/dove.key

To troubleshoot SSL-related problems, first make sure the certificates are in the correct locations and have the correct permissions set. Then verify that the applications using them are also configured with those same paths.

Both postfix and dovecot also include options to make SSL-related errors visible in their logs.
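
The location, permission and consistency checks described above can be scripted. This is an added example, not part of the original article or of the dovecot or postfix packages; the function name check_tls_pair is hypothetical, and it assumes GNU stat and an openssl binary that provides the pkey subcommand.

```shell
#!/bin/sh
# Added example: sanity checks for the certificate/key pair created above.
# check_tls_pair is a hypothetical helper, not shipped with dovecot or postfix.
# Usage: pass the certificate path and the key path as the two arguments.
check_tls_pair() {
    cert=$1 key=$2 rc=0

    for f in "$cert" "$key"; do
        if [ ! -r "$f" ]; then
            echo "FAIL: $f is missing or unreadable"
            return 1
        fi
    done

    # The private key must not be accessible to group or others (the page uses 600).
    mode=$(stat -c '%a' "$key")
    case "$mode" in
        ?00) ;;
        *) echo "FAIL: $key has mode $mode, expected 600"; rc=1 ;;
    esac

    # -checkend 0 exits non-zero when the certificate has already expired.
    if ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1; then
        echo "FAIL: $cert is expired or not a valid certificate"
        rc=1
    fi

    # The public key in the certificate must equal the one derived from the key file.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: $key does not belong to $cert"
        rc=1
    fi

    [ "$rc" -eq 0 ] && echo "OK: $cert and $key are consistent"
    return "$rc"
}

# Run against the paths given on the command line, if any.
if [ "$#" -eq 2 ]; then
    check_tls_pair "$1" "$2"
fi
```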
