[2024-feb-29] Sad news: Eric Layton aka Nocturnal Slacker aka vtel57 passed away on Feb 26th, shortly after hospitalization. He was one of our Wiki's most prominent admins. He will be missed.
Differences
This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revisionLast revisionBoth sides next revision | ||
howtos:network_services:postfix_dovecot_mysql:ssl [2015/02/15 08:36 (UTC)] – astrogeek | howtos:network_services:postfix_dovecot_mysql:ssl [2015/02/16 09:46 (UTC)] – First complete version astrogeek | ||
---|---|---|---|
Line 1: | Line 1: | ||
===== Configuring SSL Certificates ===== | ===== Configuring SSL Certificates ===== | ||
- | <note important> | ||
We will now create and install a self-signed SSL certificate to support secure email. | We will now create and install a self-signed SSL certificate to support secure email. | ||
- | You may want to replace these with a CA-signed | + | <note tip>The self-signed certificates we will generate here are in no way less secure than a certificate signed by a Certificate Authority, or CA. |
+ | However, users will recevie a notice and be asked to grant an exception for the self-signed | ||
+ | If this is important to your use case, simply obtain and substitute your own CA-signed certificates to the same locations used here.</ | ||
- | The dovecot package installs a script for generating self-signed certs at / | + | The dovecot package installs a script for generating self-signed certs at / |
The following commands will generate a certificate good for one year. You may adjust the value after -days to make the certificate valid for a different period of time. We will use the paths used here in later steps, so please note if you change them. | The following commands will generate a certificate good for one year. You may adjust the value after -days to make the certificate valid for a different period of time. We will use the paths used here in later steps, so please note if you change them. | ||
Line 17: | Line 18: | ||
chmod 600 / | chmod 600 / | ||
</ | </ | ||
+ | |||
+ | To troubleshoot SSL related problems, first make sure the certificates are in the correct locations and with the correct permissions set. Then verify that the applications using them are also configured with those saame paths. | ||
+ | |||
+ | Both postfix and dovecot also include options to make SSL related errors visible in their logs. | ||
+ | |||
[[howtos: | [[howtos: | ||
{{tag> | {{tag> |