Dovecot 加入 SSL 連線
[1.] install dovecot
[2.] vi /etc/pki/dovecot/dovecot-openssl.cnf
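# OpenSSL request configuration that mkcert.sh passes to "openssl req"
# to build the self-signed certificate for Dovecot.
[ req ]
# RSA key size in bits. 1024-bit RSA is no longer considered adequate,
# so generate at least a 2048-bit key.
default_bits = 2048
# mkcert.sh runs "openssl req" with -nodes, so the key is still written
# unencrypted; file permissions are what protect it.
encrypt_key = yes
distinguished_name = req_dn
x509_extensions = cert_type
# Take the subject from [ req_dn ] instead of prompting interactively.
prompt = no

[ req_dn ]
# country (2 letter code)
#C=FI

# State or Province Name (full name)
#ST=

# Locality Name (eg. city)
#L=Helsinki

# Organization (eg. company)
#O=Dovecot

# Organizational Unit Name (eg. section)
OU=IMAP server

# Common Name (*.example.com is also possible)
# Should match the host name that mail clients connect to.
CN=ssorc.tw

# E-mail contact
emailAddress=cross@ssorc.tw

[ cert_type ]
# Netscape certificate-type extension marking this as a server certificate.
nsCertType = server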
[3.] cd /usr/share/doc/dovecot-0.99.14/examples
cat mkcert.sh
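#!/bin/sh
# Generates a self-signed certificate.
# Edit dovecot-openssl.cnf before running this.
#
# Environment overrides (defaults in parentheses):
#   OPENSSL        openssl binary to run (openssl)
#   SSLDIR         base directory for the output (/etc/pki/dovecot)
#   OPENSSLCONFIG  request config file ($SSLDIR/dovecot-openssl.cnf)
#   CERTNAME       base name of the generated files (dovecot)
# Exit status: 1 if a target file already exists, 2 if openssl fails.

OPENSSL=${OPENSSL-openssl}
SSLDIR=${SSLDIR-/etc/pki/dovecot}
OPENSSLCONFIG=${OPENSSLCONFIG-$SSLDIR/dovecot-openssl.cnf}
CERTNAME=${CERTNAME-dovecot}

CERTFILE=$SSLDIR/$CERTNAME.pem
KEYFILE=$SSLDIR/private/$CERTNAME.pem

# Missing directories are only reported, as before; a missing private/
# directory makes the openssl call below fail with status 2.
if [ ! -d "$SSLDIR/certs" ]; then
  echo "$SSLDIR/certs directory doesn't exist" >&2
fi

if [ ! -d "$SSLDIR/private" ]; then
  echo "$SSLDIR/private directory doesn't exist" >&2
fi

# Never replace an existing certificate or key.
if [ -f "$CERTFILE" ]; then
  echo "$CERTFILE already exists, won't overwrite" >&2
  exit 1
fi

if [ -f "$KEYFILE" ]; then
  echo "$KEYFILE already exists, won't overwrite" >&2
  exit 1
fi

# -nodes writes the private key unencrypted, so restrict the creation mode
# first: the key must not be group/world readable even in the window
# before the chmod below runs.
umask 077

"$OPENSSL" req -new -x509 -nodes -config "$OPENSSLCONFIG" \
  -out "$CERTFILE" -keyout "$KEYFILE" -days 365 || exit 2

# Ownership/mode changes stay best-effort (chown root:root fails when the
# script is not run as root); the umask above already protects the key.
chown root:root "$CERTFILE" "$KEYFILE"
chmod 0600 "$CERTFILE" "$KEYFILE"
echo
# Print subject and fingerprint so the new certificate can be verified.
"$OPENSSL" x509 -subject -fingerprint -noout -in "$CERTFILE" || exit 2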
這是安裝dovecot套件時就有的script檔
[4.] ./mkcert.sh
於 /etc/pki/dovecot/ 產生 dovecot.pem,為自簽憑證(內含 public key)
於 /etc/pki/dovecot/private 產生 dovecot.pem,為 private key(未加密,檔案權限為 0600)
[5.] vi /etc/dovecot.conf
# Turn SSL support on (the option is phrased as a negative: "disable = no").
# NOTE(review): enabling SSL does not by itself stop clients from logging in
# over an unencrypted connection; check the plaintext-auth setting of this
# Dovecot version as well.
ssl_disable = no
# Self-signed certificate generated by mkcert.sh ($SSLDIR/$CERTNAME.pem).
ssl_cert_file = /etc/pki/dovecot/dovecot.pem
# Matching private key ($SSLDIR/private/$CERTNAME.pem); mkcert.sh writes it
# unencrypted (-nodes) with mode 0600.
ssl_key_file = /etc/pki/dovecot/private/dovecot.pem
[6.] /etc/init.d/dovecot reload
[7.] 於outlook上的帳號的進階設定勾選"此伺服器需要加密連線(SSL)"