[2024-feb-29] Sad news: Eric Layton aka Nocturnal Slacker aka vtel57 passed away on Feb 26th, shortly after hospitalization. He was one of our Wiki's most prominent admins. He will be missed.

Welcome to the Slackware Documentation Project

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision
Previous revision
howtos:network_services:postfix_dovecot_mysql:ssl [2015/02/15 08:36 (UTC)] astrogeekhowtos:network_services:postfix_dovecot_mysql:ssl [2015/03/08 09:38 (UTC)] (current) – Sources and links astrogeek
Line 1: Line 1:
-===== Configuring SSL Certificates ===== +====== Configuring SSL Certificates ====== 
-<note important>This article is under construction and not complete! Please return later...</note>+ 
 +This page is supplemental to main article: [[howtos:network_services:postfix_dovecot_mysql|Creating a Virtual Mail Server with Postfix, Dovecot and MySQL]] 
 We will now create and install a self-signed SSL certificate to support secure email. We will now create and install a self-signed SSL certificate to support secure email.
  
-You may want to replace these with a CA-signed certificate if that better suits your needs.+<note tip>The self-signed certificates we will generate here are in no way less secure than certificate signed by a Certificate Authority, or CA
 +However, users will recevie a notice and be asked to grant an exception for the self-signed certificates. 
 +If this is important to your use case, simply obtain and substitute your own CA-signed certificates to the same locations used here.</note>
  
-The dovecot package installs a script for generating self-signed certs at /usr/doc/dovecot-2.2.13/mkcert.sh, which you may use if you prefer. The following commands do the same thing but to a different path.+The dovecot package installs a script for generating self-signed certs at /usr/doc/dovecot-2.2.13/mkcert.sh, which you may use if you prefer. The commands shown below do the same thing but save the certificate and key to a different path.
  
 The following commands will generate a certificate good for one year. You may adjust the value after -days to make the certificate valid for a different period of time. We will use the paths used here in later steps, so please note if you change them. The following commands will generate a certificate good for one year. You may adjust the value after -days to make the certificate valid for a different period of time. We will use the paths used here in later steps, so please note if you change them.
Line 17: Line 21:
 chmod 600 /etc/ssl/private/dove.key chmod 600 /etc/ssl/private/dove.key
 </code> </code>
 +
 +To troubleshoot SSL related problems, first make sure the certificates are in the correct locations and with the correct permissions set. Then verify that the applications using them are also configured with those saame paths.
 +
 +Both postfix and dovecot also include options to make SSL related errors visible in their logs.
 +
 [[howtos:network_services:postfix_dovecot_mysql|Return to main article page]] [[howtos:network_services:postfix_dovecot_mysql|Return to main article page]]
 +====== Sources ======
 +  * Originally written by [[wiki:user:astrogeek | astrogeek]]
 {{tag>howtos postfix dovecot ssl}} {{tag>howtos postfix dovecot ssl}}
 howtos:network_services:postfix_dovecot_mysql:ssl ()