Email SSL

Discussion in 'Installation/Configuration' started by jonwatson, Jun 3, 2008.

  1. jonwatson

    jonwatson New Member

    Hi All,

    I need a little help understanding how to get a properly trusted security certificate for an ISPConfig server. I see the threads on how to create a self-signed SSL cert for email, but that's not going to cut it because email clients are still throwing the 'not trusted' warning. I have installed SSL certs many times for web servers so I understand the reasoning behind buying a cert from a third party trust CA, but I've never done it for email before. My questions are:

    1. When I go to RapidSSL or other places where I normally purchase SSL certificates for my web servers, there doesn't seem to be any way to purchase an 'email server' SSL certificate. The setup questions all surround the type of web server I'm running. Where does one get a certificate suitable for Postifx, for example.

    2. If I already have an SSL cert for this machine for the web server, can I re-use that certificate somehow for Postfix? Seems silly to have to have two SSL certs so I'm not sure what to do there.

    Any tips that will clarify this thing for me are appreciated.


  2. falko

    falko Super Moderator ISPConfig Developer

    That should work. Back up your self-signed certificate and then replace it with the one you bought and restart Postfix.
  3. jonwatson

    jonwatson New Member

    OK, thanks. I tried it once and it didn't seem to work, but I didn't know if it was supposed to work or not, so just reverted back while I researched.

  4. radim_h

    radim_h Member

    IT is definitelly working
    i'm using one SSL certificate for
    Apache in https://mail.mydomain.tld and also in postfix configuration and dovecot configuration on 3 debian servers with no problem..
  5. jonwatson

    jonwatson New Member


    Thanks for the tips. It seems I misunderstood which server was causing the problem. It is the IMAP connections to receive mail that is throwing the cert error.

    The IMAP server appears to be Dovecot and I see a dovecot.pem file which I believe to be the cert file. Is that the correct file to go messing with?


  6. radim_h

    radim_h Member

    i doesnt need to be pem, you can name it as you want, this is how my dovecot.conf looks:

    protocols = imap imaps pop3 pop3s

    ssl_cert_file = /etc/postfix/ssl/mail.mydomain.tld.crt
    ssl_key_file = /etc/postfix/ssl/mail.mydomain.tld.key

    disable_plaintext_auth = no
    pop3_uidl_format = %08Xu%08Xv
    protocol pop3 {

    protocol lda {
    # Address to use when sending rejection mails.
    postmaster_address = [email protected]

    auth_username_format ="%Ld_%Ln"

    auth default {
    mechanisms = plain login

    passdb pam {

    userdb passwd {

    socket listen {
    client {
    path = /var/spool/postfix/private/auth
    mode = 0660
    user = postfix
    group = postfix

    dict {

    plugin {

    the path to the certificates may be same for Apache, Postfix and Dovecot i have rename them here, and copied on two places, but it doesnt matter
    Last edited: Jun 6, 2008
  7. jonwatson

    jonwatson New Member

    I see. You've pointed dovecot to your postfix SSL cert and key. Ok, thanks. I will try this tonight.


Share This Page