
Using SSL certificates with atmail Exim and Dovecot - atmail 7.7 -> 7.8.0.1

Stewart -

PROBLEM

I want to use my own SSL certificates with my atmail installation.

ENVIRONMENT

  • on-premise mailserver installations: version 7.7 -> 7.8.0.1

CAUSE

You can use SSL certificates to allow your users to access atmail via SSL. This document shows you how to convert SSL certificates into a format that can be used by Exim and Dovecot.

RESOLUTION

  1. Generate your custom SSL certificate and key (this command produces a self-signed certificate):
    % openssl req -newkey rsa:2048 -nodes -keyout domain.key -x509 -days 365 -out domain.crt
  2. Upon getting your SSL certificates, you will receive them in two files: .crt and .key. For the purposes of this document, we will put them in the directory /usr/local/atmail/ssl/ as two files, domain.key and domain.crt.
  3. You will need to convert the .crt file to PEM format. This command will do it:
    % openssl x509 -in /usr/local/atmail/ssl/domain.crt -out /usr/local/atmail/ssl/domain.pem -outform PEM
  4. Afterwards, you will need a password-less key file:
    % openssl rsa -in /usr/local/atmail/ssl/domain.key -out /usr/local/atmail/ssl/domain-nopass.key
  5. Define the pathnames of the key and cert files in webadmin > services > POP3/IMAP.
  6. The SSL Certificate Path corresponds to your .pem file. For this example, the setting will be "/usr/local/atmail/ssl/domain.pem".
  7. The SSL key file corresponds to your passphrase-less key file. For this example, the setting will be "/usr/local/atmail/ssl/domain-nopass.key".
  8. Save changes.
  9. Should you want to verify this manually, open up /usr/local/atmail/mailserver/etc/dovecot/dovecot/dovecot.conf, and look for this code block:
    #<DOVECOT_SSL_CERT>
    ssl_cert = </usr/local/atmail/ssl/domain.pem
    ssl_key = </usr/local/atmail/ssl/domain-nopass.key
    #</DOVECOT_SSL_CERT>

    #<SSL_DISABLE>
    ssl = yes
    #</SSL_DISABLE>
  10. And here is the corresponding entry for /usr/local/atmail/mailserver/configure:
    tls_advertise_hosts = *
    log_selector = +tls_peerdn
    tls_certificate=/usr/local/atmail/ssl/domain.pem
    tls_privatekey=/usr/local/atmail/ssl/domain-nopass.key
  11. Restart the atmail services:
    % /etc/init.d/atmailserver restart
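
A pre-flight check for the files produced in steps 3 and 4, worth running before the restart in step 11. This is an added example, not atmail's own tooling; the function name `check_tls_pair` and its return codes are assumptions of this example.

```shell
#!/bin/sh
# Added example: verify the certificate/key pair before Exim and Dovecot load it.
# Return codes (chosen for this example): 0 ok, 2 bad certificate, 3 key is
# encrypted or unreadable, 4 cert/key mismatch, 5 expired, 6 key world-readable.
check_tls_pair() {
    cert=$1 key=$2

    # The certificate must parse as PEM X.509 (the output of step 3).
    openssl x509 -in "$cert" -noout 2>/dev/null || {
        echo "FAIL: $cert is not a PEM certificate" >&2; return 2; }

    # The key must load without its passphrase (the output of step 4).
    # A dummy passphrase is supplied so openssl never prompts: it is ignored
    # for an unencrypted key and rejected for an encrypted one.
    key_pub=$(openssl pkey -in "$key" -passin pass:dummy-not-the-passphrase \
        -pubout 2>/dev/null) || {
        echo "FAIL: $key is encrypted or not a private key" >&2; return 3; }

    # Both files must carry the same public key, or the TLS handshake fails.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
    [ "$cert_pub" = "$key_pub" ] || {
        echo "FAIL: certificate and key do not match" >&2; return 4; }

    # -checkend 0 exits non-zero if the certificate has already expired.
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1 || {
        echo "FAIL: certificate has expired" >&2; return 5; }

    # A passphrase-less key is protected only by its file permissions.
    [ -z "$(find -L "$key" -prune -perm -004)" ] || {
        echo "FAIL: $key is world-readable (chmod o-r)" >&2; return 6; }

    echo "OK: $cert and $key are a usable pair"
}

# Run against the paths from this article when called with two arguments, e.g.
#   sh check.sh /usr/local/atmail/ssl/domain.pem /usr/local/atmail/ssl/domain-nopass.key
if [ "$#" -eq 2 ]; then
    check_tls_pair "$1" "$2"
fi
```

The key file still has to be readable by the accounts the mail services run as; the check only flags read access for everyone else.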