Technology / Software / 

21 Jul 2022

Dovecot SSL Configuration

Warning: These notes are from 2015, and my SSL/TLS setup on my home server has changed substantially since then, with the introduction of and on-demand short-lived certificate generation. Here’s a 2019 blog post about that configuration.

Just some notes and memory aids for the next time I need to reconfigure Dovecot…

Paths to SSL keyfiles

ssl_cert = </etc/pki/dovecot/certs/dovecot.pem  -> /etc/ssl/my-server.crt ssl_key = </etc/pki/dovecot/private/dovecot.pem  -> /etc/ssl/private/my-server.key - Renamed the ones in use as of 7/15/15 (and which were expiring and not valid anyway) to dovecot-example.pem in both /certs and /private - My “good” one expires 2/8/2016, at which point a new one will need to be generated from the homebrew CA

Global SSL Config

Most system-wide SSL configuration lives in /etc/ssl/

Systemwide Cert Authority (CA) Cert


Getting info for a PEM certificate

openssl x509 -noout -in dovecot.pem  -text