Re: Dovecot installation and ssl certificates
Jerry Stuckle writes:
Sure you can:
(STARTTLS style) openssl s_client -starttls pop3 -connect your.pop.server:110
(SSL style) openssl s_client -connect your.pop.server:995
You can also use ncat (exercise left to the reader).
"localhost", I believe, is a specific exclusion where SSL in *not* enforced during the session.
This looks like an error message stating STARTTLS was expected but the client used a plaintext session. Try enabling STARTTLS on your Thunderbird.
If that is not the cause ...
Ref: https://doc.dovecot.org/configuration_manual/dovecot_ssl_configuration/
The most important dovecot configurations are
ssl_cert = </path/to/your/server.crt ssl_key = </path/to/your/server.key
You can have protocol specific certificates e.g.
protocol pop3 { ssl_cert = ... ssl_key = ... }
but you'll typically put this outside the protocol section so that there is one default certificate.
Maybe running doveconf will tell you where your installation expects the main configuration file to be. This file may include other config files.
This depends on how you set up your filesystem and authentication and your security constraints. You'll have to be more specific on your setup.
Confining my reply to just SSL setup, you can obtain a SSL certificate with multiple domains named listed, which makes multi-domain SSL support easier.
Joseph Tam <jtam.home@gmail.com>
participants (1)
-
Joseph Tam