[Dovecot] signing dovecot certs with own Cert. Auth.

Philip Hallstrom dovecot at philip.pjkh.com
Tue Sep 20 21:26:24 EEST 2005

> I'm trying to get apache, sendmail, and dovecot to
> use SSL certs signed by my own CA. I've got the apache
> certs working fine. However, dovecot (I haven't even
> converter? Could it be the way that I'm signing the
> certificates?
> Any help would be appreciated.

I can't help you with dovecot since I've never used it (well not yet), but 
I've found this to be extremely helpful:


Also, when I set up apache, postfix, uw-imap to use certificates signed by 
my own CA, I followed suggestions from the mod-ssl faq.

I've got things set up so I have a "certs" directory.  Once in there I can 
type "./make.sh hostname" and it will make a certificate for that hostname 
and sign it.  I've also got "./pem.sh hostname" which will convert the 
certificate into the pem format which is what postfix/uw-imap expect.

Anyway, it's nice cause now I never have to think about how it all works 

Here's the scripts:

Instructions on how to become your own CA.  Note I set mine to expire in 
10 years so a year from now instead of 1 year by default.

Creates a certificate and then signs it using the sign.sh script.

straight from Ralf Engelschall except I increased the number of days to 

Convert the script to pem.

Hope this helps...
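
An added example, not the scripts from the post: one way to do the three steps described above (create a CA, make and sign a per-host certificate, build a combined PEM file) with the openssl command line. The file names, the CA subject, the key sizes and signing with `openssl x509 -req` rather than the mod_ssl sign.sh are all assumptions.

```shell
#!/bin/sh
# Added example, not the poster's scripts. File names and subjects are assumptions.
set -eu
umask 077                      # key files and the combined .pem stay owner-readable only

write_cnf() {                  # own minimal config, independent of the system openssl.cnf
    cat > ca.cnf <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = Example Private CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
subjectKeyIdentifier = hash
EOF
}

make_ca() {                    # CA key + self-signed CA certificate, valid 10 years
    write_cnf
    if [ -f ca.key ]; then return 0; fi     # never overwrite an existing CA key
    openssl req -x509 -config ca.cnf -extensions v3_ca -newkey rsa:3072 \
        -sha256 -nodes -days 3650 -keyout ca.key -out ca.crt 2>/dev/null
}

make_cert() {                  # $1 = hostname: new key + CSR, then sign the CSR with the CA
    openssl req -new -config ca.cnf -subj "/CN=$1" -newkey rsa:2048 \
        -sha256 -nodes -keyout "$1.key" -out "$1.csr" 2>/dev/null
    printf 'subjectAltName=DNS:%s\nbasicConstraints=CA:FALSE\nextendedKeyUsage=serverAuth\n' \
        "$1" > "$1.ext"        # current TLS clients match the hostname against the SAN
    openssl x509 -req -in "$1.csr" -CA ca.crt -CAkey ca.key -CAcreateserial \
        -sha256 -days 365 -extfile "$1.ext" -out "$1.crt" 2>/dev/null
    rm -f "$1.csr" "$1.ext"
}

make_pem() {                   # $1 = hostname: private key and certificate in one PEM file
    cat "$1.key" "$1.crt" > "$1.pem"
}

check_cert() {                 # $1 = hostname: chain verifies and key matches certificate
    openssl verify -CAfile ca.crt "$1.crt" >/dev/null 2>&1 || return 1
    k=$(openssl pkey -in "$1.key" -pubout)
    c=$(openssl x509 -in "$1.crt" -noout -pubkey)
    [ "$k" = "$c" ]
}
```

Run `make_ca` once, then `make_cert host`, `make_pem host` and `check_cert host` per server. Only `ca.crt` is distributed to clients; `ca.key` stays off the mail server.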

