Mailinglist Archive: opensuse (963 mails)

< Previous Next >
Re: [opensuse] I'm stuck - SSL Certs / email server
On 04/25/2011 09:37 PM, David C. Rankin wrote:
On 04/21/2011 05:39 PM, Jim Flanagan wrote:
As I said I think I'm very close to having this set up right. Something I'm
missing. Not sure what.

Jim,

If you get to the point that cyrus isn't working ... just load dovecot. It is simple to configure and setup for imaps. IIRC, the suse dovecot package contains a script to generate the ssl certs (mkcert.sh). Just edit the dovecot-openssl.cnf file in /usr/share/doc/packages/dovecot to fit your needs and run the mkcert.sh script to install the dovecot.pem certs in /etc/ssl/{certs,private} dirs and you're done.

The entire dovecot.conf for imaps (dovecot-2) will look something similar to this:

mail_location = mbox:~/Mail:INBOX=/var/spool/mail/%u
passdb {
driver = pam
}
protocols = imap
service auth {
user = root
}
service imap-login {
inet_listener imap {
port = 0
}
}
ssl_cert = </etc/ssl/certs/dovecot.pem
ssl_key = </etc/ssl/private/dovecot.pem
userdb {
driver = passwd
}
protocol lda {
postmaster_address = postmaster@xxxxxxxxxxxxxxx
}


Thanks David. This has been giving me fits, and I may switch over, but I'm not ready to do that just yet. I do have Cyrus imap running on my old server and it has been rock solid. I have a cert on that but its not even signed by me. What I'm trying to do this time is to have a cert that is signed by an authority that is recognized by most browsers so the cert errors don't flag up on new clients. And one that's free, as in beer. Which I need at this point! :)

Sounds simple, but apparently not for me. Still working it. Will try to document all this if and when I get it done.

Many thanks,

Jim F
--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse+help@xxxxxxxxxxxx

< Previous Next >