2.1. Dovecot SSL configuration

To secure mail retrieval, SSL support must be enabled for dovecot. The dovecot configuration file needs to reference your SSL certificate, SSL certificate key and SSL certification authority bundle.
The dovecot configuration file should include:

dovecot.conf SSL modifications

protocols = imap pop3 imaps pop3s
ssl_ca_file = /etc/ssl/ca-bundle.crt
ssl_cert_file = /etc/ssl/server.crt
ssl_key_file = /etc/ssl/server.key
ssl_verify_client_cert = no
verbose_ssl = yes

In the above example, 'server.key' references your server's certificate key file, usually generated by you along with the certificate request. The other two files contain the 'CA Bundle' (the certificates for the CAs on the certification path) and the server's certificate, provided by the certification authority. I haven't tested whether the certificate key can be used encrypted; I always used an unencrypted form of the key file, secured by file system attributes. More information on what a certification authority, a certificate request, a certificate key, etc. are can be found on the OpenSSL site and on the web pages of certificate authority providers such as VeriSign, Thawte, Comodo, etc.
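
Because the key file is stored unencrypted and protected only by file system attributes, those attributes are worth checking. The script below is an added example, not part of the original page: it reads the three ssl_*_file settings from a config written in the syntax shown above, confirms that each file exists, and flags a key file that group or other users can access. The function names conf_value and audit_dovecot_ssl and the output wording are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit the files referenced by the ssl_*_file settings.
# conf_value and audit_dovecot_ssl are hypothetical helper names.

# Print the value of setting $2 in config file $1 (last assignment wins).
# Commented-out lines are ignored; surrounding whitespace is stripped.
conf_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*\$/\1/p" "$1" |
        tail -n 1
}

# Return 0 when every check passes, 1 otherwise. Findings go to stdout.
audit_dovecot_ssl() {
    conf=$1
    rc=0
    for setting in ssl_ca_file ssl_cert_file ssl_key_file; do
        path=$(conf_value "$conf" "$setting")
        if [ -z "$path" ]; then
            echo "MISSING $setting is not set in $conf"; rc=1; continue
        fi
        if [ ! -f "$path" ]; then
            echo "MISSING $setting -> $path does not exist"; rc=1; continue
        fi
        # Certificates are public; only the private key must be closed off.
        if [ "$setting" = ssl_key_file ]; then
            # Characters 5-10 of the ls mode string are the group/other bits.
            go_bits=$(ls -ld "$path" | cut -c5-10)
            if [ "$go_bits" != "------" ]; then
                echo "WEAK $path is accessible to group/other ($go_bits)"; rc=1
            fi
        fi
    done
    return $rc
}

# Stand-alone use: sh audit.sh /path/to/dovecot.conf
if [ "$#" -gt 0 ]; then
    audit_dovecot_ssl "$1"
fi
```

A finding of the form "WEAK ... (r--r--)" means the key should be restricted, for example with chmod 600, before dovecot is started.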

