This article will go into detail on how to install certificates on Dovecot IMAP.
Installing SSL certificates on a Dovecot server is straight forward and simple. Please follow these instructions to install your SSL certificate on a Dovecot IMAP Server:
Step 1: Along with your certificate you may get the root and intermediate certificates. For Dovecot/Exim you need to put all these certificates including your site's certificate into one bundle file in order of decreasing distance from the root.
The "ca-bundle" file already includes the root and intermediates (XYZRSADomainValidationSecureServerCA.crt XYZRSAAddTrustCA.crt AddTrustExternalCARoot.crt).
<code><em> cat domain_com.crt domain_com.ca-bundle > ssl-bundle.crt</em></code>
In case you have received the root and intermediates certificates separately, run the following command.
<code><em> cat domain_com.crt XYZRSADomainValidationSecureServerCA.crt XYZRSAAddTrustCA.crt AddTrustExternalCARoot.crt > ssl-bundle.crt</em></code>
If you are Using GUI based Text Editor (Ex: Notepad):
(i) To concatenate the certificate files into single bundle file, first open domainname.crt and domainname.ca-bundle files using any text editor.
(ii) Now copy all the content of domainname.crt and paste it on the top of domainname.ca-bundle file.
(iii) Now save the file name as 'ssl-bundle.crt'.
Note: If you have not the received the 'ca-bundle' file in the ZIP that we sent you, you can download it from this article's attachments. (End of this page)
Step 2: Add the following to your exim4.conf:
tls_certificate = CONFDIR/ssl/XYZ/ssl-bundle.crt
tls_privatekey = CONFDIR/ssl/XYZ/your_site.key
Step 3: Edit dovecot.conf:
ssl_cert = </etc/dovecot/ssl/XYZ/ssl-bundle.crt
ssl_key = </etc/dovecot/ssl/XYZ/your_site.key