Postfix and Dovecot with StartSSL certificates

Dovecot:

% wget http://www.startssl.com/certs/ca-bundle.crt
% cat ssl.crt sub.class1.server.ca.pem > /etc/ssl/dovecot/dovecot_crt.pem
% ln -s "$PWD/ssl.key" /etc/ssl/dovecot/dovecot_key.pem
% cp ca-bundle.crt /etc/ssl/apache2/

dovecot.conf:

ssl_ca = </etc/ssl/apache2/ca-bundle.crt
ssl_cert = </etc/ssl/dovecot/dovecot_crt.pem
ssl_key = </etc/ssl/dovecot/dovecot_key.pem

http://nooms.de/articles/startssl.html

Postfix:

% ln -s ssl.crt cert.pem
% ln -s ssl.key key.pem

main.cf:

## TLS parameters ##

smtpd_use_tls=yes
smtpd_tls_cert_file=/etc/ssl/postfix/cert.pem
smtpd_tls_key_file=/etc/ssl/postfix/key.pem
smtp_tls_CAfile = /etc/ssl/apache2/ca.pem
smtpd_tls_loglevel = 3
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom

http://forum.startcom.org/viewtopic.php?t=80
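
A check worth running on the files built in the Dovecot and Postfix steps above before restarting either daemon; this is an added example, not part of the original post or its sources. It confirms that the key belongs to the first certificate in the PEM file and that the server certificate precedes the intermediate, using a throwaway PKI constructed with openssl. The function names, the demo-* certificate names and root.pem/sub.pem are assumptions; ssl.crt and ssl.key mirror the file names used above.

```shell
# nth_cert FILE N: print the Nth PEM certificate contained in FILE.
nth_cert() { awk -v n="$2" '/-----BEGIN CERTIFICATE-----/{i++} i==n' "$1"; }

# key_matches_cert CERT KEY: true only if KEY is the private key of the FIRST
# certificate in CERT, which is the one the server presents as its own.
key_matches_cert() {
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null)
    k=$(openssl pkey -in "$2" -pubout 2>/dev/null)
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# chain_order_ok FILE: true only if the first certificate's issuer name equals
# the second certificate's subject name (server cert first, then intermediate).
chain_order_ok() {
    i=$(nth_cert "$1" 1 | openssl x509 -noout -issuer 2>/dev/null | sed 's/^issuer= *//')
    s=$(nth_cert "$1" 2 | openssl x509 -noout -subject 2>/dev/null | sed 's/^subject= *//')
    [ -n "$i" ] && [ "$i" = "$s" ]
}

# chain_verifies FILE ROOT: true only if the first certificate in FILE verifies
# up to ROOT, with the certificates in FILE offered as untrusted intermediates.
chain_verifies() { openssl verify -CAfile "$2" -untrusted "$1" "$1" >/dev/null 2>&1; }

# make_demo_pki DIR: constructed test data (throwaway root, intermediate, server).
make_demo_pki() (
    cd "$1" || exit 1
    echo 'basicConstraints=critical,CA:TRUE' > ca.ext
    for n in root sub ssl; do
        openssl req -newkey rsa:2048 -nodes -keyout "$n.key" -out "$n.csr" -subj "/CN=demo-$n"
    done
    openssl x509 -req -in root.csr -signkey root.key -extfile ca.ext -out root.pem -days 2
    openssl x509 -req -in sub.csr -CA root.pem -CAkey root.key -CAcreateserial \
        -extfile ca.ext -out sub.pem -days 2
    openssl x509 -req -in ssl.csr -CA sub.pem -CAkey sub.key -CAcreateserial -out ssl.crt -days 2
    cat ssl.crt sub.pem > good_chain.pem   # same order as the cat command above
    cat sub.pem ssl.crt > bad_chain.pem    # reversed: CA certificate first
) >/dev/null 2>&1

# Demo run on the constructed files: the reversed chain must be rejected.
d=$(mktemp -d) && make_demo_pki "$d"
for f in good_chain.pem bad_chain.pem; do
    if chain_order_ok "$d/$f" && key_matches_cert "$d/$f" "$d/ssl.key" &&
       chain_verifies "$d/$f" "$d/root.pem"; then echo "$f: ok"; else echo "$f: reject"; fi
done
rm -rf "$d"
```

With the real files, the same functions can be pointed at /etc/ssl/dovecot/dovecot_crt.pem and /etc/ssl/dovecot/dovecot_key.pem.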

Also see:

Configure PureFTPd To Accept TLS Sessions

Author: WladyX on 9 November, 2009
Category: General, Mail, Security
3 responses to “Postfix and Dovecot with StartSSL certificates”
  1. Simon says:

    Hi, There is an error in your documentation.

    # cp ca-bundle.crt /etc/ssl/apache2/

    This command is the first that references the file ca-bundle.crt.
    Where did you magically find this file from?

  2. Simon says:

    I see that you have downloaded your ca-bundle from:
    wget http://www.startssl.com/certs/ca-bundle.crt

    Advice: Most people use the same cert for Postfix and Dovecot.
    Why have you instructed the user to place the same cert in different places,
    and then symbolically link these? It's insane, and will make updates to the certificate
    problematic.

  3. WladyX says:

    You make a good point, I’ll modify the post.
    It’s not my creation, these are bits and pieces that I found and helped me achieve my goal.
    The posts are not very detailed because this blog is more a personal KB and less a public howto repository :)
