Hi All,

I need a little help understanding how to get a properly trusted security certificate for an ISPConfig server. I see the threads on how to create a self-signed SSL cert for email, but that's not going to cut it because email clients are still throwing the 'not trusted' warning. I have installed SSL certs many times for web servers so I understand the reasoning behind buying a cert from a third party trust CA, but I've never done it for email before.

My questions are:

1. When I go to RapidSSL or other places where I normally purchase SSL certificates for my web servers, there doesn't seem to be any way to purchase an 'email server' SSL certificate. The setup questions all surround the type of web server I'm running. Where does one get a certificate suitable for Postfix, for example?
2. If I already have an SSL cert for this machine for the web server, can I re-use that certificate somehow for Postfix? Seems silly to have to have two SSL certs so I'm not sure what to do there.

Any tips that will clarify this thing for me are appreciated.

Thanks
Jon
That should work. Back up your self-signed certificate and then replace it with the one you bought and restart Postfix.
OK, thanks. I tried it once and it didn't seem to work, but I didn't know if it was supposed to work or not, so just reverted back while I researched. Thanks
It is definitely working. I'm using one SSL certificate for Apache at https://mail.mydomain.tld and also in the Postfix configuration and Dovecot configuration on 3 Debian servers with no problem.
Hi, Thanks for the tips. It seems I misunderstood which server was causing the problem. It is the IMAP connections to receive mail that are throwing the cert error. The IMAP server appears to be Dovecot and I see a dovecot.pem file which I believe to be the cert file. Is that the correct file to go messing with? Thanks, Jon
It doesn't need to be pem, you can name it as you want. This is how my dovecot.conf looks:

    protocols = imap imaps pop3 pop3s
    ssl_cert_file = /etc/postfix/ssl/mail.mydomain.tld.crt
    ssl_key_file = /etc/postfix/ssl/mail.mydomain.tld.key
    disable_plaintext_auth = no
    pop3_uidl_format = %08Xu%08Xv
    protocol pop3 {
    }
    protocol lda {
      # Address to use when sending rejection mails.
      postmaster_address = [email protected]
    }
    auth_username_format ="%Ld_%Ln"
    auth default {
      mechanisms = plain login
      passdb pam {
      }
      userdb passwd {
      }
      socket listen {
        client {
          path = /var/spool/postfix/private/auth
          mode = 0660
          user = postfix
          group = postfix
        }
      }
    }
    dict {
    }
    plugin {
    }

The path to the certificates may be the same for Apache, Postfix and Dovecot. I have renamed them here and copied them to two places, but it doesn't matter.
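A pre-flight check for the approach discussed in this thread (one certificate and key shared by Apache, Postfix and Dovecot), added here as an example and not taken from any poster's setup: it confirms that the key belongs to the certificate, that the certificate covers the hostname mail clients connect to, and that it has not expired. The function names and the throwaway self-signed sample pair are this example's own constructions.

```shell
#!/bin/sh
# Added example: checks to run on a certificate/key pair before pointing
# Apache, Postfix and Dovecot at the same files. Only standard openssl
# subcommands are used; the function names are hypothetical.

# True when the private key belongs to the certificate (public keys are equal).
cert_key_match() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# True when the certificate is valid for the name mail clients connect to.
cert_covers_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
        grep -q "does match certificate"
}

# True when the certificate has not expired.
cert_not_expired() {
    openssl x509 -in "$1" -noout -checkend 0 >/dev/null 2>&1
}

# Runs all three checks, prints one line per failure, non-zero if any fail.
# Usage: check_mail_cert <cert file> <key file> <mail hostname>
check_mail_cert() {
    rc=0
    cert_key_match "$1" "$2" || { echo "key does not match certificate"; rc=1; }
    cert_covers_host "$1" "$3" || { echo "certificate does not cover $3"; rc=1; }
    cert_not_expired "$1" || { echo "certificate has expired"; rc=1; }
    return $rc
}

# Constructed sample: a throwaway self-signed pair so the checks run offline.
# Usage: make_sample_pair <cert out> <key out> <hostname>
make_sample_pair() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=$3" -keyout "$2" -out "$1" >/dev/null 2>&1
}
```

These checks say nothing about whether the chain leads to a CA that mail clients trust; a self-signed pair passes all three and still triggers the 'not trusted' warning.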
I see. You've pointed dovecot to your postfix SSL cert and key. Ok, thanks. I will try this tonight. Jon