Certificate Installation : Dovecot + Exim

May 25, 2018 in SMTP

Installing Sectigo's SSL certificate on a Dovecot server is straight forward and simple. Please follow these instructions to install your SSL certificate on a Dovecot IMAP Server:

Step 1: Along with your certificate you may get the root and intermediate certificates. For Dovecot/Exim you need to put all these certificates including your site's certificate into one bundle file in order of decreasing distance from the root.

The 'ca-bundle' file already includes the root and intermediates (COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt AddTrustExternalCARoot.crt).

cat domain_com.crt domain_com.ca-bundle > ssl-bundle.crt

In case you have received the root and intermediates certificates separately, run the following command.

cat domain_com.crt COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt AddTrustExternalCARoot.crt > ssl-bundle.crt

If you are Using GUI based Text Editor (Ex: Notepad):

(i) To concatenate the certificate files into single bundle file, first open domainname.crt and domainname.ca-bundle files using any text editor.

(ii) Now copy all the content of domainname.crt and paste it on the top of domainname.ca-bundle file.

(iii) Now save the file name as ‘ssl-bundle.crt’.

Note: If you have not the received the 'ca-bundle' file in the ZIP that we sent you, you can download it from this article's attachments. (End of this page)

Step 2: Add the following to your exim4.conf:

tls_certificate = CONFDIR/ssl/comodo/ssl-bundle.crt
tls_privatekey = CONFDIR/ssl/comodo/your_site.key

Step 3: Edit dovecot.conf:

ssl_cert = </etc/dovecot/ssl/comodo/ssl-bundle.crt
ssl_key = </etc/dovecot/ssl/comodo/your_site.key

Step 4: After you have configured the server, the SSL Installation can be verified with Qualys SSL Server Test tool.

Related Articles: