How to Install Certificates on Dovecot IMAP

Installing SSL certificates on a Dovecot server is straight forward and simple. Please follow these instructions to install your SSL certificate on a Dovecot IMAP Server:

Step 1: Along with your certificate you may get the root and intermediate certificates. For Dovecot/Exim you need to put all these certificates including your site's certificate into one bundle file in order of decreasing distance from the root.

The "ca-bundle" file already includes the root and intermediates (XYZRSADomainValidationSecureServerCA.crt XYZRSAAddTrustCA.crt AddTrustExternalCARoot.crt).

<code><em> cat domain_com.crt domain_com.ca-bundle > ssl-bundle.crt</em></code>

In case you have received the root and intermediates certificates separately, run the following command.

<code><em> cat domain_com.crt XYZRSADomainValidationSecureServerCA.crt XYZRSAAddTrustCA.crt AddTrustExternalCARoot.crt > ssl-bundle.crt</em></code>

If you are Using GUI based Text Editor (Ex: Notepad):

(i) To concatenate the certificate files into single bundle file, first open domainname.crt and domainname.ca-bundle files using any text editor.

(ii) Now copy all the content of domainname.crt and paste it on the top of domainname.ca-bundle file.

(iii) Now save the file name as 'ssl-bundle.crt'.

Note: If you have not the received the 'ca-bundle' file in the ZIP that we sent you, you can download it from this article's attachments. (End of this page)

Step 2: Add the following to your exim4.conf:

tls_certificate = CONFDIR/ssl/XYZ/ssl-bundle.crt
tls_privatekey = CONFDIR/ssl/XYZ/your_site.key

Step 3: Edit dovecot.conf:

ssl_cert = </etc/dovecot/ssl/XYZ/ssl-bundle.crt
ssl_key = </etc/dovecot/ssl/XYZ/your_site.key