#1
3rd June 2008, 23:02
jonwatson
Email SSL

Hi All,

I need a little help understanding how to get a properly trusted security certificate for an ISPConfig server. I see the threads on how to create a self-signed SSL cert for email, but that's not going to cut it because email clients are still throwing the 'not trusted' warning. I have installed SSL certs many times for web servers so I understand the reasoning behind buying a cert from a third party trust CA, but I've never done it for email before. My questions are:

1. When I go to RapidSSL or other places where I normally purchase SSL certificates for my web servers, there doesn't seem to be any way to purchase an 'email server' SSL certificate. The setup questions all surround the type of web server I'm running. Where does one get a certificate suitable for Postfix, for example?

2. If I already have an SSL cert for this machine for the web server, can I re-use that certificate somehow for Postfix? Seems silly to have to have two SSL certs so I'm not sure what to do there.

Any tips that will clarify this thing for me are appreciated.

Thanks

Jon

#2
4th June 2008, 19:57
falko

Quote:
Originally Posted by jonwatson
2. If I already have an SSL cert for this machine for the web server, can I re-use that certificate somehow for Postfix? Seems silly to have to have two SSL certs so I'm not sure what to do there.
That should work. Back up your self-signed certificate and then replace it with the one you bought and restart Postfix.
Falko

#3
4th June 2008, 20:46
jonwatson

Quote:
Originally Posted by falko
That should work. Back up your self-signed certificate and then replace it with the one you bought and restart Postfix.
OK, thanks. I tried it once and it didn't seem to work, but I didn't know if it was supposed to work or not, so just reverted back while I researched.

Thanks

#4
5th June 2008, 07:34
radim_h

It is definitely working.
I'm using one SSL certificate for Apache in https://mail.mydomain.tld and also in the Postfix configuration and Dovecot configuration on 3 Debian servers with no problem.

#5
6th June 2008, 15:39
jonwatson

Hi,

Thanks for the tips. It seems I misunderstood which server was causing the problem. It is the IMAP connections to receive mail that are throwing the cert error.

The IMAP server appears to be Dovecot and I see a dovecot.pem file which I believe to be the cert file. Is that the correct file to go messing with?

Thanks,

Jon

#6
6th June 2008, 17:13
radim_h

It doesn't need to be pem; you can name it as you want. This is how my dovecot.conf looks:

protocols = imap imaps pop3 pop3s

ssl_cert_file = /etc/postfix/ssl/mail.mydomain.tld.crt
ssl_key_file = /etc/postfix/ssl/mail.mydomain.tld.key

disable_plaintext_auth = no
pop3_uidl_format = %08Xu%08Xv
protocol pop3 {
}

protocol lda {
  # Address to use when sending rejection mails.
  postmaster_address = postmaster@mydomain.tld
}

auth_username_format ="%Ld_%Ln"

auth default {
  mechanisms = plain login

  passdb pam {
  }

  userdb passwd {
  }

  socket listen {
    client {
      path = /var/spool/postfix/private/auth
      mode = 0660
      user = postfix
      group = postfix
    }
  }
}

dict {
}

plugin {
}


The path to the certificates may be the same for Apache, Postfix and Dovecot. I have renamed them here and copied them to two places, but it doesn't matter.

Last edited by radim_h; 6th June 2008 at 17:17.
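
The checks worth running before and after pointing Dovecot and Postfix at the web server's certificate as described above, as an added example that is not part of the original posts. It assumes the OpenSSL command-line tool is installed; the function names are illustrative, and the hostname and port are whatever your mail clients actually connect to.

```shell
#!/bin/sh
# Added example (not from the thread): sanity checks for one certificate shared
# by Apache, Postfix and Dovecot. Function names are illustrative.

# The certificate must contain the public key that belongs to the private key.
cert_matches_key() {   # usage: cert_matches_key CERT KEY
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# The certificate must cover the name mail clients connect to, otherwise they
# keep warning even though a trusted CA issued it.
cert_covers_host() {   # usage: cert_covers_host CERT HOSTNAME
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
        grep -q 'does match certificate'
}

# A key copied to several places should stay unreadable for group and others.
key_is_private() {     # usage: key_is_private KEY
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# After restarting the service, fingerprint the certificate it really serves.
# PROTO is an s_client -starttls value such as smtp or imap; omit it for
# TLS-wrapped ports such as 993 (imaps) and 995 (pop3s).
served_fingerprint() { # usage: served_fingerprint HOST PORT [PROTO]
    openssl s_client -connect "$1:$2" -servername "$1" ${3:+-starttls "$3"} \
        </dev/null 2>/dev/null | openssl x509 -noout -fingerprint -sha256
}

# Run as: sh check.sh CERT KEY HOSTNAME
if [ "$#" -eq 3 ]; then
    cert_matches_key "$1" "$2" || { echo "key does not match certificate"; exit 1; }
    cert_covers_host "$1" "$3" || { echo "certificate does not cover $3"; exit 1; }
    key_is_private "$2"        || { echo "key is readable by group/others"; exit 1; }
    echo "certificate, key and hostname are consistent"
fi
```

Compare the output of `served_fingerprint` with `openssl x509 -in CERT -noout -fingerprint -sha256` to confirm the restarted service picked up the new file rather than the old self-signed one.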

#7
6th June 2008, 17:27
jonwatson

I see. You've pointed dovecot to your postfix SSL cert and key. Ok, thanks. I will try this tonight.

Jon

All times are GMT +2.