PROBLEM
I want to use my own SSL certificates with my atmail installation.
ENVIRONMENT
- on-premise mailserver installations: version 7.7 -> 7.8.0.1
CAUSE
You can use SSL certificates to allow your users to access atmail via SSL. This document shows you how to convert SSL certificates into a format that can be used by Exim and Dovecot.
RESOLUTION
- Generate your custom SSL certificates with:
% openssl req -newkey rsa:2048 -nodes -keyout domain.key -x509 -days 365 -out domain.crt
- Upon getting your SSL certificates, you will receive them in two files: .crt and .key. For the purposes of this document, we will put them in the directory: /usr/local/atmail/ssl/ as two files domain.key and domain.crt.
- You will need to convert the crt file to .PEM. This command will do it:
% openssl x509 -in /usr/local/atmail/ssl/domain.crt -out /usr/local/atmail/ssl/domain.pem -outform PEM
- Afterwards, you will need a password-less key file:
% openssl rsa -in /usr/local/atmail/ssl/domain.key -out /usr/local/atmail/ssl/domain-nopass.key
- Define the pathnames of the key and cert files in webadmin > services > POP3/IMAP.
- The SSL Certificate Path corresponds to your .pem file. For this example, the setting will be "/usr/local/atmail/ssl/domain.pem".
- The SSL key file corresponds to your passphrase-less key file. For this example, the setting will be "/usr/local/atmail/ssl/domain-nopass.key".
- Save changes.
- Should you want to verify this manually, open up /usr/local/atmail/mailserver/etc/dovecot/dovecot/dovecot.conf, and look for this code block:
#<DOVECOT_SSL_CERT>
ssl_cert = </usr/local/atmail/ssl/domain.pem
ssl_key = </usr/local/atmail/ssl/domain-nopass.key
#</DOVECOT_SSL_CERT>
#<SSL_DISABLE>
ssl = yes
#</SSL_DISABLE>
- And here is the corresponding entry for /usr/local/atmail/mailserver/configure:
tls_advertise_hosts = *
log_selector = +tls_peerdn
tls_certificate=/usr/local/atmail/ssl/domain.pem
tls_privatekey=/usr/local/atmail/ssl/domain-nopass.key
- Restart Atmail services.
% /etc/init.d/atmailserver restart
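Before restarting, it is worth confirming that the passphrase-less key really belongs to the certificate and is not world-readable. The script below is an added example, not part of the original atmail article; check_tls_pair is a hypothetical helper name, and the rule that the key carries no "other" permission bits is an assumption about the installation.

```shell
#!/bin/sh
# Added example: sanity-check a certificate/key pair before pointing
# Dovecot and Exim at it. check_tls_pair is a hypothetical helper name.

check_tls_pair() {
    ctp_cert=$1
    ctp_key=$2

    # Public key embedded in the certificate.
    ctp_cert_pub=$(openssl x509 -in "$ctp_cert" -noout -pubkey 2>/dev/null) || {
        echo "cannot parse certificate: $ctp_cert" >&2; return 1; }

    # Public key derived from the private key. The empty -passin value stops
    # openssl from prompting, so a still-encrypted key fails here.
    ctp_key_pub=$(openssl pkey -in "$ctp_key" -passin pass: -pubout 2>/dev/null) || {
        echo "cannot read key without a passphrase: $ctp_key" >&2; return 1; }

    [ "$ctp_cert_pub" = "$ctp_key_pub" ] || {
        echo "key does not belong to certificate" >&2; return 1; }

    # Assumption (not from the article): an unencrypted key must not be
    # accessible to "other"; owner/group are left to the installation.
    ctp_other=$(ls -ld "$ctp_key" | cut -c8-10)
    [ "$ctp_other" = "---" ] || {
        echo "key is world-accessible ($ctp_other): $ctp_key" >&2; return 1; }

    return 0
}

# Constructed throwaway pair so the check can be tried offline.
demo_dir=$(mktemp -d)
openssl req -newkey rsa:2048 -nodes -keyout "$demo_dir/domain.key" -x509 \
    -days 1 -subj "/CN=mail.example.test" -out "$demo_dir/domain.crt" 2>/dev/null
openssl rsa -in "$demo_dir/domain.key" -out "$demo_dir/domain-nopass.key" 2>/dev/null
chmod 640 "$demo_dir/domain-nopass.key"

if check_tls_pair "$demo_dir/domain.crt" "$demo_dir/domain-nopass.key"; then
    echo "pair OK"
else
    echo "pair rejected"
fi
rm -rf "$demo_dir"
```

On a real installation, call check_tls_pair with /usr/local/atmail/ssl/domain.pem and /usr/local/atmail/ssl/domain-nopass.key.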