How to create an imap ssl self-signed certificate

Source: Internet
Author: User
Tags imap dovecot

Today, I think the IMAP SSL self-signed certificate is incorrect. I can check it online, and no one can say it completely.

Clearly, there is no way. Please take a look at the official documentation and take a look at the man page. Now I am studying; I understand what is going on. Just give it a brief look. (As a memo)

The following is the official explanation and configuration of dovecot:

The imap-login and pop3-login daemons which implement the IMAP and POP3 protocols are included in the dovecot package. The use of IMAP and POP is configured through dovecot; by default dovecot runs only IMAP. To configure dovecot to use POP:
1. Edit /etc/dovecot.conf to have the line:
protocols = imap imaps pop3 pop3s
2. Make that change operational for the current session by running the command:
/sbin/service dovecot restart
3. Make that change operational after the next reboot by running the command:
chkconfig dovecot on
Please note that dovecot only reports that it started the IMAP server, but also starts the POP3 server.
Unlike SMTP, both of these protocols require connecting clients to authenticate using a username and password. By default, passwords for both protocols are passed over the network unencrypted.
To configure SSL on dovecot:
* Edit the dovecot configuration file /etc/pki/dovecot-openssl.conf as you prefer. However in a typical installation, this file does not require modification.
* Rename, move or delete the files /etc/pki/dovecot/certs/dovecot.pem and /etc/pki/dovecot/private/dovecot.pem.
* Execute the /usr/share/doc/dovecot-1.0/examples/mkcert.sh script which creates the dovecot self signed certificates. The certificates are copied in the /etc/pki/dovecot/certs and /etc/pki/dovecot/private directories. To implement the changes, restart dovecot (/sbin/service dovecot restart).

The official website is very simple, but it is classic. You only need to read the man page and the example file carefully, combined with the official Deployment_Guide.

I watched it for one day and it was finally clear in the evening.
The following is an explanation.

Chong Ge talked about how to create a self-signed certificate that day. The steps are as follows:

1. Modify /etc/dovecot.conf

ssl_cert_file = /etc/pki/dovecot/certs/dovecot.pem
ssl_key_file = /etc/pki/dovecot/private/dovecot.pem

Uncomment these two lines. The first line is the certificate file, and the second line is the private key file.
If you are taking the exam, I think you should also uncomment this line:

ssl_disable = no

Haha.

2. Create a certificate.
* Use the default value of Country, State, Locality, and Organization Name
* Set Organization Unit to GLS
* Set the Common Name to station.example.com.
* Email Address is set to root@stationX.example.com
These are the requirements. During generation, the values are entered step by step at the prompts.

# openssl genrsa 1024 > server.key
# openssl req -new -key server.key > server.csr
# openssl req -x509 -days 365 -key server.key -in server.csr > server.crt

Before doing so, I read various files in /etc/pki/dovecot/ and thought it was wrong for him to do so.

Later, I found that this is also acceptable, but it is not the best. There are some gaps with the official saying.

Dovecot provides a script to generate a self-signed certificate. Of course, this is quite well written. Next we will use it.

The following is my practice.

First time:

1. Copy /usr/share/doc/dovecot-1.0.7/examples/mkcert.sh to /etc/pki/dovecot,
# cp dovecot-openssl.cnf a.cnf
# vi a.cnf
Modify all required parameters. Generally, the parameters are not commented out in the file.

# vi mkcert.sh

Change dovecot-openssl.cnf in the OPENSSLCONFIG variable to a.cnf.

All right, you don't need to change anything else, and then
# rm /etc/pki/dovecot/certs/dovecot.pem
# rm /etc/pki/dovecot/private/dovecot.pem
# /etc/pki/dovecot/mkcert.sh

OK, new files are generated. Look at dovecot.pem: a key file and a certificate are generated. In this way, you don't need to back up the command. Of course, you don't need to back up the command. Look at mkcert.sh. The last two lines will be used. But the mkcert.sh and dovecot-openssl.cnf here are both well written.

We just need to use them directly. We don't need to do it on our own line. The obtained certificate is not the certificate of niub.

Haha.

One day we have some benefits. Okay. Haha. I think the main reason is to understand the research methods and ideas.

Supplement)

For imaps encrypted transmission, whether the self-signed certificate is successfully created can be verified through the mail client in linux:

# mutt -f imaps://test@station5.example.com

Supplement)

I came back today and repeatedly compared the differences between certificates made by the various methods. I found that the best method is

# make -C /etc/pki/tls/certs /etc/pki/dovecot/certs/dovecot.pem

In the configuration file, change both the key and the certificate settings to /etc/pki/dovecot/certs/dovecot.pem.

This is the same as the exam requirements. With the earlier method of modifying the certificate configuration file, I found that many of the fields do not take the preset values, but we actually want them to take the default value.
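
The checks behind "comparing certificates made by various methods", as an added example that is not part of the original post: it builds the step 2 certificate non-interactively and confirms that the certificate belongs to the key, is self-signed and has not expired, before dovecot is pointed at the files. The function names, the C/ST/L/O values and the 2048-bit key size are assumptions of this example.

```bash
# Added example (not from the original post). Function names are hypothetical.
set -eu

# OU, CN and e-mail come from step 2; C/ST/L/O are constructed placeholders
# standing in for the defaults the interactive prompts would offer.
SUBJ='/C=XX/ST=State/L=City/O=Example Org/OU=GLS/CN=station.example.com/emailAddress=root@stationX.example.com'

# Key + self-signed certificate in one non-interactive step.
# Assumption: 2048-bit RSA here; the commands in step 2 use 1024.
make_selfsigned() {            # usage: make_selfsigned <outdir>
    (
        umask 077              # key file is created readable by owner only
        openssl req -x509 -newkey rsa:2048 -nodes -days 365 -subj "$SUBJ" \
            -keyout "$1/server.key" -out "$1/server.crt" 2>/dev/null
    )
    chmod 644 "$1/server.crt"  # the certificate itself is public
}

# SHA-256 of the public key found in a certificate or a private key file.
pubkey_hash() {                # usage: pubkey_hash cert|key <file>
    case $1 in
        cert) openssl x509 -in "$2" -noout -pubkey ;;
        key)  openssl pkey -in "$2" -pubout ;;
    esac | openssl sha256 | awk '{print $NF}'
}

# True only if the certificate was issued for this private key.
cert_matches_key() {           # usage: cert_matches_key <cert> <key>
    [ "$(pubkey_hash cert "$1")" = "$(pubkey_hash key "$2")" ]
}

# Self-signed: issuer and subject are the same name.
is_self_signed() {
    [ "$(openssl x509 -in "$1" -noout -subject | sed 's/^subject= *//')" = \
      "$(openssl x509 -in "$1" -noout -issuer | sed 's/^issuer= *//')" ]
}

# True if the certificate is still valid <seconds> from now.
valid_for() { openssl x509 -in "$1" -noout -checkend "$2" >/dev/null; }

# Demo in a throwaway directory
d=$(mktemp -d)
make_selfsigned "$d"
cert_matches_key "$d/server.crt" "$d/server.key" && echo "key matches certificate"
is_self_signed "$d/server.crt" && echo "issuer equals subject"
valid_for "$d/server.crt" 2592000 && echo "valid for at least 30 more days"
rm -rf "$d"
```

When the key and the certificate live in one PEM file, as in the last supplement, pass that same file as both arguments of cert_matches_key.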
