Blog

Configuring an Email Server's SSL Certificate

SSL
Mar 14

If you want to use your SSL certificate for mail, configure to the following settings.

Ispmanager

In the ISPmanager control panel, go to DomainsMail Domains and click SSL-certificate on the toolbar.

Replace the key values with your certificate keys and press OK.

Redhat-based

Exim Mail Server

Copy the SSL certificate file and the file with the key in /etc/exim/ssl/ . Enable access privileges for these files:

chmod 444 /etc/exim/ssl/mydomain.com.crt

chmod 400 /etc/exim/ssl/mydomain.com.key

Where mydomain.com.crt is the certificate name and mydomain.com.key is the name of the file with the key.

Open the exim.conf file for editing:

vi /etc/exim/exim.conf

Make the following edit:

# TLS/SSL

tls_advertise_hosts = *

tls_certificate = /etc/exim/ssl/mydomain.com.crt

tls_privatekey = /etc/exim/ssl/mydomain.com.key

daemon_smtp_ports = 25 : 465 : 587

tls_on_connect_ports = 365

Restart the mail server using the command:

systemctl restart exim

Dovecot Mail Server

Copy the SSL certificate file in /etc/pki/dovecot/certs/ and the file with the key in /etc/pki/dovecot/private/. Enable access privileges for these files:

chmod 600 /etc/pki/dovecot/certs/mydomain.com.crt

chmod 600 /etc/pki/dovecot/private/mydomain.com.key

Where mydomain.com.crt is the certificate name and mydomain.com.key is the name of the file with the key.

Open the 10-ssl.conf file for editing:

vi /etc/dovecot/conf.d/10-ssl.conf

Make the following edit:

ssl = yes

ssl_cert = </etc/pki/dovecot/certs/mydomain.com.crt

ssl_key = </etc/pki/dovecot/private/mydomain.com.key

Restart the mail server using the command:

systemctl restart dovecot

Debian-based

Exim Mail Server

Copy the SSL certificate file and the file with the key in /etc/exim4/ssl/. Enable access privileges for these files:

chown root:root /etc/exim4/ssl/mydomain.com.crt

chmod 644 /etc/exim4/ssl/mydomain.com.crt

chown Debian-exim:Debian-exim /etc/exim4/ssl/mydomain.com.key

chmow 400 /etc/exim4/ssl/mydomain.com.key

Where mydomain.com.crt is the certificate name and mydomain.com.key is the name of the file with the key.

Open the exim4.conf.template file for editing:

vi /etc/exim4/exim4.conf.template

Make the following edit:

tls_certificate = /etc/exim4/ssl/domain.com.crt

tls_privatekey = /etc/exim4/ssl/domain.com.key

Restart the mail server using the command:

systemctl restart exim4

Dovecot Mail Server

Copy the SSL certificate file in /etc/dovecot/ and the file with the key in /etc/dovecot/private/. Enable access privileges for these files:

chown root:dovecot /etc/dovecot/mydomain.com.crt

chmod 644 /etc/dovecot/mydomain.com.crt

chown root:dovecot /etc/dovecot/private/mydomain.com.key

chmod 600 /etc/dovecot/private/mydomain.com.key

Where mydomain.com.crt is the certificate name and mydomain.com.key is the name of the file with the key.

Open the 10-ssl.conf file for editing:

vi /etc/dovecot/conf.d/10-ssl.conf

Make the following edit:

ssl = yes

ssl_cert = </etc/dovecot/mydomain.com.crt

ssl_key = </etc/dovecot/private/mydomain.com.key

Restart the mail server using the command:

systemctl restart dovecot
BlogNext article