Dovecot 加入 SSL 連線

 

[1.] install dovecot

 

[2.] vi /etc/pki/dovecot/dovecot-openssl.cnf

[ req ]
# RSA key size in bits for the key that "openssl req" generates.
# NOTE(review): 1024-bit RSA is below current minimum recommendations;
# use 2048 or larger for any newly generated key.
default_bits = 1024
# Requests an encrypted private key. mkcert.sh runs "openssl req" with -nodes,
# which takes precedence, so the key it writes is NOT passphrase-protected.
encrypt_key = yes
# Name of the section below that supplies the certificate subject fields.
distinguished_name = req_dn
# Name of the section below whose extensions are added to the self-signed certificate.
x509_extensions = cert_type
# Take the subject values from this file instead of prompting interactively.
prompt = no

[ req_dn ]
# country (2 letter code)
#C=FI

# State or Province Name (full name)
#ST=

# Locality Name (eg. city)
#L=Helsinki

# Organization (eg. company)
#O=Dovecot

# Organizational Unit Name (eg. section)
OU=IMAP server

# Common Name (*.example.com is also possible)
# This should be the host name that mail clients connect to.
# NOTE(review): current TLS clients match the host name against subjectAltName
# rather than CN; this config sets no subjectAltName extension.
CN=ssorc.tw

# E-mail contact
emailAddress=cross@ssorc.tw

[ cert_type ]
# Legacy Netscape certificate-type extension marking this as a server certificate.
# NOTE(review): modern clients generally ignore nsCertType; extendedKeyUsage = serverAuth
# is the present-day way to express the same restriction.
nsCertType = server

[3.] cd /usr/share/doc/dovecot-0.99.14/examples

      cat mkcert.sh

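#!/bin/sh

# Generates a self-signed certificate and an unencrypted private key.
# Edit dovecot-openssl.cnf before running this.
#
# Environment (all optional):
#   OPENSSL        openssl binary to run             (default: openssl)
#   SSLDIR         base directory for the output     (default: /etc/pki/dovecot)
#   OPENSSLCONFIG  "openssl req" config file         (default: $SSLDIR/dovecot-openssl.cnf)
#   CERTNAME       base name of the generated files  (default: dovecot)
#
# Exit status:
#   0  certificate and key were written
#   1  private/ is missing, or an output file already exists
#   2  openssl failed

OPENSSL=${OPENSSL-openssl}
SSLDIR=${SSLDIR-/etc/pki/dovecot}
OPENSSLCONFIG=${OPENSSLCONFIG-$SSLDIR/dovecot-openssl.cnf}
CERTNAME=${CERTNAME-dovecot}

CERTFILE=$SSLDIR/$CERTNAME.pem
KEYFILE=$SSLDIR/private/$CERTNAME.pem

# Nothing below writes into certs/, so a missing directory is only reported.
if [ ! -d "$SSLDIR/certs" ]; then
  echo "$SSLDIR/certs directory doesn't exist"
fi

# The key is written into private/; stop here instead of letting openssl
# fail later with a less obvious error.
if [ ! -d "$SSLDIR/private" ]; then
  echo "$SSLDIR/private directory doesn't exist"
  exit 1
fi

# Never replace an existing certificate or key: clients may already trust it.
if [ -f "$CERTFILE" ]; then
  echo "$CERTFILE already exists, won't overwrite"
  exit 1
fi

if [ -f "$KEYFILE" ]; then
  echo "$KEYFILE already exists, won't overwrite"
  exit 1
fi

# Create the output files owner-only from the start. Without this the key can
# be created with the caller's default umask and stay readable by other local
# users until the chmod below runs.
umask 077

# -nodes: the private key is written without a passphrase (this overrides
#         encrypt_key in the config), so file permissions are its only protection.
# -days 365: the certificate expires after one year and must be regenerated.
# The key size is taken from default_bits in $OPENSSLCONFIG.
"$OPENSSL" req -new -x509 -nodes -config "$OPENSSLCONFIG" -out "$CERTFILE" -keyout "$KEYFILE" -days 365 || exit 2
chown root:root "$CERTFILE" "$KEYFILE"
chmod 0600 "$CERTFILE" "$KEYFILE"
echo
# Print subject and fingerprint so the certificate can be checked out-of-band
# when a client asks whether to trust it.
"$OPENSSL" x509 -subject -fingerprint -noout -in "$CERTFILE" || exit 2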

   這是安裝dovecot套件時就有的script檔

 

[4.] ./mkcert.sh

 

   於 /etc/pki/dovecot/ 產生 dovecot.pem，為自我簽署的憑證（內含 public key）

 

   於 /etc/pki/dovecot/private 產生 dovecot.pem，為 private key（未加密，權限應維持僅 root 可讀寫的 0600）

 

[5.] vi  /etc/dovecot.conf

# Negative switch: "no" means SSL is NOT disabled, i.e. it is turned on.
ssl_disable = no

# Certificate and private key as written by mkcert.sh with its default
# SSLDIR (/etc/pki/dovecot) and CERTNAME (dovecot).
# The key file is unencrypted; keep it readable by root only.
ssl_cert_file = /etc/pki/dovecot/dovecot.pem
ssl_key_file = /etc/pki/dovecot/private/dovecot.pem

[6.] /etc/init.d/dovecot reload

 

[7.] 於 Outlook 帳號的進階設定勾選"此伺服器需要加密連線(SSL)"。由於憑證是自我簽署的，用戶端第一次連線時會出現憑證不受信任的警告；接受之前請比對 mkcert.sh 最後印出的 fingerprint。

 

最後修改日期: 2006 年 11 月 14 日
