August 17, 2010

 Using SSL certificates with Atmail

You can use SSL certificates to allow your users to access Atmail via SSL. This document shows how to convert SSL certificates into a format that can be used by Apache, Exim and Dovecot.

1.) Upon getting your SSL certificates, you will receive them in two files: .crt and .key. For the purposes of this document, we will put them in the directory: /usr/local/atmail/ssl/ as two files domain.key and domain.crt.

2.) You will need to convert the .crt file to PEM format. This command reads the .crt as DER (-inform der) and writes it out as PEM:

% openssl x509 -inform der -in /usr/local/atmail/ssl/domain.crt -out /usr/local/atmail/ssl/domain.pem

3.) Afterwards, you will need a password-less key file:

% openssl rsa -in /usr/local/atmail/ssl/domain.key -out /usr/local/atmail/ssl/domain-nopass.key

4.) Define the pathnames of the key and cert files in WebAdmin > Services > POP3/IMAP.

5.) The SSL Certificate Path corresponds to your .pem file. For this example, the setting will be "/usr/local/atmail/ssl/domain.pem".

6.) The SSL key file corresponds to your passphrase-less key file. For this example, the setting will be "/usr/local/atmail/ssl/domain-nopass.key".

7.) Save changes.

8.) Should you want to verify this manually, open /usr/local/atmail/mailserver/etc/dovecot.conf and look for this block of lines:

ssl = yes
protocols = pop3 imap pop3s imaps
ssl_cert_file = /usr/local/atmail/ssl/domain.pem
ssl_key_file = /usr/local/atmail/ssl/domain-nopass.key

9.) And here is the corresponding entry for /usr/local/atmail/mailserver/configure:

tls_advertise_hosts = *
log_selector = +tls_peerdn
tls_certificate=/usr/local/atmail/ssl/domain.pem
tls_privatekey=/usr/local/atmail/ssl/domain-nopass.key

10.) Restart Atmail services.
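
Before restarting in step 10, the files from steps 2 and 3 can be checked with a short script. This is an added example, not part of the original post or of Atmail; the function name check_tls_pair is hypothetical, and it assumes the key file should be accessible only to its owner.

```shell
#!/bin/sh
# Added example, not from the original post: sanity-check the files from
# steps 2 and 3 before Dovecot and Exim are restarted with them.
# Usage: sh check_tls_pair.sh CERT.pem KEY-nopass.key
#
# check_tls_pair (hypothetical helper name) returns 0 when all checks pass:
#   1 = certificate is not PEM   2 = key unreadable without a passphrase
#   3 = key does not match cert  4 = key accessible to group or others
check_tls_pair() {
    ctp_cert=$1
    ctp_key=$2

    # Step 2 must have produced PEM text, not DER binary.
    if ! grep -q -e '-----BEGIN CERTIFICATE-----' "$ctp_cert" 2>/dev/null; then
        echo "certificate is not PEM: $ctp_cert" >&2
        return 1
    fi

    # An empty -passin makes an encrypted key fail instead of prompting.
    if ! ctp_keypub=$(openssl pkey -in "$ctp_key" -passin pass: -pubout 2>/dev/null); then
        echo "key is missing or still passphrase-protected: $ctp_key" >&2
        return 2
    fi

    # Both commands print the public key as PEM; the text must be identical.
    ctp_certpub=$(openssl x509 -in "$ctp_cert" -noout -pubkey 2>/dev/null)
    if [ -z "$ctp_certpub" ] || [ "$ctp_certpub" != "$ctp_keypub" ]; then
        echo "key does not match certificate" >&2
        return 3
    fi

    # The key has no passphrase, so file permissions are its only protection.
    # Characters 5-10 of the ls mode string are the group and other bits.
    ctp_mode=$(ls -ld "$ctp_key" | cut -c5-10)
    if [ "$ctp_mode" != "------" ]; then
        echo "key is accessible to group/others: $ctp_key" >&2
        return 4
    fi
    return 0
}

if [ "$#" -eq 2 ]; then
    check_tls_pair "$1" "$2"
fi
```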


Filed under: Atmail 5,Atmail 6,Encryption,Exim,Uncategorized — John Contad @ 8:05 pm
