On Tue, Jun 30, 2009 at 11:02 AM, Steffen Kaiser<skdove...@smail.inf.fh-brs.de> wrote: > We do not use Verisign, so I don't know. However, OpenSSL uses PEM-format as > does Apache. So I'd guess "Apache" is OK. > > Maybe, you find infos regarding PEM format on Verisign pages.
I am downloading my SSL certificate from Verisign.com right now. Verisign advised me that I need to download the x.509 since I am using a non-microsoft platform for my SSL certificates. I downloaded the certificate from the site and pasted it into a file /etc/ssl/mail.crt I already had a mail.key file which is what I assume to be my private key I sent to Verisign which they used to create the public key I just pasted into mail.crt. Now I have mail.crt and mail.key files in my ssl/ directory. My next question is applying them so Dovecot can use them for TLS. When I edit me dovecot.conf file, I uncommented the following with the values you see below: > ssl_cert_file = /etc/ssl/mail.crt > ssl_key_file = /etc/ssl/mail.key > ssl_listen: 993 > ssl_key_password: ******************* > ssl_disable = no > ssl_parameters_regenerate = 168 Now it works fine. I can open up my mail client (Mozilla Thunderbird) and configure it to use TLS. Now I see a little "pad lock" icon near my mail account to show it's using security settings. My question now after it appears to be working, did I configure this properly for TLS? Users can still log into the IMAP server and get their mail via plain text or with the SSL certificate. Did I set the correct port for ssl_listen or is that for SSL only and not TLS? Comments / Suggestions?