help centre
For more info visit

How can we help?

Search our knowledge base for answers to
common questions and latest updates.

My activities New request


Using SSL certificates with atmail Exim and Dovecot - atmail 7.7 ->

Stewart -


I want to use my own SSL certificates with my atmail installation.


  • on-premise mailserver installations: version 7.7 ->


You can use SSL certificates to allow your users to access atmail via SSL. This document will show you how to convert SSL certificates in a format that can be used by Exim and Dovecot.


  1. Generate your custom SSL certificates with:
    % openssl req -newkey rsa:2048 -nodes -keyout domain.key -x509 -days 365 -out domain.crt
  2. Upon getting your SSL certificates, you will receive them in two files: .crt and .key. For the purposes of this document, we will put them in the directory: /usr/local/atmail/ssl/ as two files domain.key and domain.crt.
  3. You will need to convert the crt file to .PEM. This command will do it:
    % openssl x509 -in /usr/local/atmail/ssl/domain.crt -out /usr/local/atmail/ssl/domain.pem -outform PEM
  4. Afterwards, you will need a password-less key file:
    % openssl rsa -in /usr/local/atmail/ssl/domain.key -out /usr/local/atmail/ssl/domain-nopass.key
  5. Define the pathnames of the key and cert files in webadmin > services > POP3/IMAP.
  6. The SSL Certificate Path corresponds to your .pem file. For this example, the setting will be "/usr/local/atmail/ssl/domain.pem".
  7. The SSL key file corresponds to your passphrase-less key file. For this example, the setting will be "/usr/local/atmail/ssl/domain-nopass.key".
  8. Save changes.
  9. Should you want to verify this manually, open up /usr/local/atmail/mailserver/etc/dovecot/dovecot/dovecot.conf, and look for this code block:
    ssl_cert = </usr/local/atmail/ssl/domain.pem
    ssl_key = </usr/local/atmail/ssl/domain-nopass.key

    ssl = yes
  10. And here is the corresponding entry for /usr/local/atmail/mailserver/configure:
    tls_advertise_hosts = *
    log_selector = +tls_peerdn
  11. Restart Atmail services.
    % /etc/init.d/atmailserver restart
Have more questions? Submit a request


Contact our support team

+61 (7) 5357 6605