
Using SSL certificates with atmail Exim and Dovecot - atmail 7.7 -> 7.8.0.1

Stewart -

PROBLEM

I want to use my own SSL certificates with my atmail installation.

ENVIRONMENT

  • on-premise mailserver installations: version 7.7 -> 7.8.0.1

CAUSE

You can use SSL certificates to allow your users to access atmail via SSL. This document shows you how to convert SSL certificates into a format that can be used by Exim and Dovecot.

RESOLUTION

  1. Generate your custom (self-signed) SSL certificate and key with:
    % openssl req -newkey rsa:2048 -nodes -keyout domain.key -x509 -days 365 -out domain.crt
  2. Upon getting your SSL certificates, you will receive them in two files: .crt and .key. For the purposes of this document, we will put them in the directory: /usr/local/atmail/ssl/ as two files domain.key and domain.crt.
  3. You will need to convert the crt file to .PEM. This command will do it:
    % openssl x509 -in /usr/local/atmail/ssl/domain.crt -out /usr/local/atmail/ssl/domain.pem -outform PEM
  4. Afterwards, you will need a password-less key file:
    % openssl rsa -in /usr/local/atmail/ssl/domain.key -out /usr/local/atmail/ssl/domain-nopass.key
  5. Define the pathnames of the key and cert files in webadmin > services > POP3/IMAP.
  6. The SSL Certificate Path corresponds to your .pem file. For this example, the setting will be "/usr/local/atmail/ssl/domain.pem".
  7. The SSL key file corresponds to your passphrase-less key file. For this example, the setting will be "/usr/local/atmail/ssl/domain-nopass.key".
  8. Save changes.
  9. Should you want to verify this manually, open up /usr/local/atmail/mailserver/etc/dovecot/dovecot/dovecot.conf, and look for this code block:
    #<DOVECOT_SSL_CERT>
    ssl_cert = </usr/local/atmail/ssl/domain.pem
    ssl_key = </usr/local/atmail/ssl/domain-nopass.key
    #</DOVECOT_SSL_CERT>

    #<SSL_DISABLE>
    ssl = yes
    #</SSL_DISABLE>
  10. And here is the corresponding entry for /usr/local/atmail/mailserver/configure:
    tls_advertise_hosts = *
    log_selector = +tls_peerdn
    tls_certificate=/usr/local/atmail/ssl/domain.pem
    tls_privatekey=/usr/local/atmail/ssl/domain-nopass.key
  11. Restart Atmail services.
    % /etc/init.d/atmailserver restart
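
Before the restart in step 11, it is worth confirming that the files from steps 3 and 4 belong together, that the key really has no passphrase, that the unencrypted key is not accessible to other local users, and that the certificate has not expired. The script below is an added example, not part of atmail; the function names and the script name are hypothetical, and it assumes PEM files and an `openssl` binary on the PATH.

```shell
#!/bin/sh
# Added example: sanity checks for the certificate/key pair from steps 3-4.

# True when the key file carries no PEM encryption markers (no passphrase).
key_is_passwordless() {
    [ -r "$1" ] || return 1
    ! grep -Eq 'BEGIN ENCRYPTED PRIVATE KEY|Proc-Type: 4,ENCRYPTED' "$1"
}

# True when the certificate's public key equals the one derived from the key.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null </dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# True when the "other" permission bits on the key file are all clear.
key_not_world_accessible() {
    other=$(ls -ld "$1" 2>/dev/null | cut -c8-10)
    [ "$other" = "---" ]
}

# True when the certificate is still valid $2 seconds from now (default 0).
cert_not_expiring() {
    openssl x509 -in "$1" -noout -checkend "${2:-0}" >/dev/null 2>&1
}

# Run every check; print one line per failure, return non-zero if any fail.
check_pair() {
    cert=$1 key=$2 rc=0
    key_is_passwordless "$key" || { echo "FAIL: $key is missing or passphrase-protected"; return 1; }
    cert_matches_key "$cert" "$key" || { echo "FAIL: $cert does not match $key"; rc=1; }
    key_not_world_accessible "$key" || { echo "FAIL: $key is accessible to other users"; rc=1; }
    cert_not_expiring "$cert" || { echo "FAIL: $cert has expired"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: $cert and $key are consistent"
    return "$rc"
}

# Usage (hypothetical script name):
#   sh check-ssl-pair.sh /usr/local/atmail/ssl/domain.pem /usr/local/atmail/ssl/domain-nopass.key
if [ "$#" -eq 2 ]; then
    check_pair "$1" "$2"
fi
```

Which account must own the key file depends on the users the Exim and Dovecot processes run as on your installation; the permission check only flags access by unrelated local users.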