Generating SSL key for Dovecot and Postfix
The comments from @drookie and @andytech helped me to solve the issue. There were no errors, just a lack of understanding and attention.
After searching for an answer even more, I found a good article about SSL-key generation: https://msol.io/blog/tech/create-a-self-signed-ssl-certificate-with-openssl/
Regarding the .pem absence, I have missed that the certificate is generated into /etc/dovecot/cert.pem and not into /etc/dovecot/private/cert.pem.
0leg
Updated on September 18, 2022
Comments
-
0leg over 1 year
Following this tutorial: https://www.vultr.com/docs/simple-mailserver-postfix-dovecot-sieve-debian
Trying to create a self-signed SSL certificate for testing purposes for my mail server, using code:
openssl req -newkey rsa:4096 -sha512 -x509 -days 365 -nodes -keyout /etc/dovecot/private/mykey.key -out /etc/dovecot/mycert.pem
Now, modifying Postfix and Dovecot config files. What I don't understand is how this code:
smtpd_tls_cert_file = /etc/dovecot/private/mykey.pem
smtpd_tls_key_file = /etc/dovecot/private/mycert.pem
smtpd_use_tls = yes
And this code:
ssl = yes
ssl_key = /etc/dovecot/private/mykey.pem
ssl_cert = /etc/dovecot/private/mycert.pem
supposed to work? First of all, there is only one file created - /etc/dovecot/private/mykey.key. Maybe someone can explain what files one is supposed to get after running the openssl command - PEM or KEY file?
EDIT: I understood that the result of this command:
openssl req -newkey rsa:4096 -sha512 -x509 -days 365 -nodes -keyout /etc/dovecot/private/mykey.key -out /etc/dovecot/mycert.pem
should be 2 files generated - mykey.pem (unsigned key) and mycert.pem (self-signed certificate), but it is not happening. I have done it in a different way:
openssl genrsa -out key.pem 2048
openssl req -new -key key.pem -out csr.pem
openssl req -x509 -days 365 -key key.pem -in csr.pem -out certificate.pem
But curious: why is this shortcut code not working? Where is the syntax mistake?
-
Admin over 8 years
Both. But you didn't do your homework: howtos describing the self-signed certificate creation are widespread all over the internet. google://openssl self-signed certificate.
-
Admin over 8 years
I was curious if the command ran successfully, since I've got only mykey.key
-
Admin over 8 years
Hopefully silly question - you do realise the certificate file is being written to a different directory (/etc/dovecot) than the key file (/etc/dovecot/private), right?
-
Admin over 8 years
@andytech Oh... OH!!!! And this is what happens when you look at the thing for too long.. you miss the obvious.
-
Toskan over 7 years
just say the article is wrong that you linked!
-
Toskan over 7 years
jesus christ man! what a waste of time!!! not only is the path wrong, the file format of the file is wrong too! it is mykey.key not mykey.pem
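
An added example (not part of the original post, its comments or the linked tutorial): a small Python check that reads the Postfix and Dovecot TLS settings quoted in the question and reports every path that does not exist or whose PEM block is the wrong type for that setting. The function names, the `root` parameter and the scratch tree built by `demo()` are assumptions made for the demonstration; the placeholder files contain PEM labels only, no real key material.

```python
import os
import re
import tempfile

# PEM label that each setting quoted in the question must point at.
EXPECTED = {"smtpd_tls_cert_file": "CERTIFICATE", "smtpd_tls_key_file": "PRIVATE KEY",
            "ssl_cert": "CERTIFICATE", "ssl_key": "PRIVATE KEY"}
PEM_BEGIN = re.compile(r"^-----BEGIN ([A-Z0-9 ]+)-----\s*$")

def pem_label(path):
    """Label of the first PEM block in the file, or None if there is none."""
    with open(path, errors="replace") as fh:
        for line in fh:
            m = PEM_BEGIN.match(line)
            if m:
                return m.group(1)
    return None

def check_config(text, root="/"):
    """Return (setting, path, problem) for every bad TLS file reference."""
    problems = []
    for raw in text.splitlines():
        # Drop trailing comments, then split "name = value".
        name, sep, value = (p.strip() for p in raw.split("#", 1)[0].partition("="))
        if not sep or name not in EXPECTED:
            continue
        path = value.lstrip("<").strip()  # Dovecot reads files as: ssl_cert = </path
        full = os.path.join(root, path.lstrip("/"))  # root: hypothetical test hook
        label = pem_label(full) if os.path.isfile(full) else None
        if not os.path.isfile(full):
            problems.append((name, path, "file does not exist"))
        elif label is None or not label.endswith(EXPECTED[name]):
            # endswith accepts "RSA PRIVATE KEY" but rejects "CERTIFICATE REQUEST"
            problems.append((name, path, f"holds {label}, expected {EXPECTED[name]}"))
    return problems

def demo():
    """Constructed scratch tree holding the two files the openssl command wrote."""
    root = tempfile.mkdtemp()
    os.makedirs(os.path.join(root, "etc/dovecot/private"))
    for rel, label in (("etc/dovecot/private/mykey.key", "PRIVATE KEY"),
                       ("etc/dovecot/mycert.pem", "CERTIFICATE")):
        with open(os.path.join(root, rel), "w") as fh:  # placeholder body only
            fh.write(f"-----BEGIN {label}-----\nplaceholder\n-----END {label}-----\n")
    asked = ("smtpd_tls_cert_file = /etc/dovecot/private/mykey.pem\n"
             "smtpd_tls_key_file = /etc/dovecot/private/mycert.pem\n")
    fixed = ("smtpd_tls_cert_file = /etc/dovecot/mycert.pem\n"
             "smtpd_tls_key_file = /etc/dovecot/private/mykey.key\n")
    swapped = "ssl_cert = </etc/dovecot/private/mykey.key\n"
    return [check_config(c, root) for c in (asked, fixed, swapped)]
```

`demo()` returns three result lists: the settings as quoted in the question (both paths missing), the same settings pointed at the files that were actually written (no problems), and a certificate setting pointed at the key file (wrong PEM type).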