Installing an SSL Certificate for the Mail Server in DirectAdmin
This article is a complete walkthrough of installing an SSL certificate for the mail server.
It was prepared for servers running the DirectAdmin panel.
We assume the certificate has already been generated and that you have three files:
certyfikat.crt
klucz.key
certyfikatpośredni.crt
Every certificate issuer should provide exactly these files; they are needed to install the certificate on both the web server and the mail server.
First we edit the necessary files, starting with /etc/exim.cert:
    nano /etc/exim.cert
and paste in our certificate, which we can view in the certyfikat.crt file we got from the issuer.
Next, edit /etc/exim.key:
    nano /etc/exim.key
and, in the same way, paste in the private key, which we can view in the klucz.key file from the issuer.
The next file is /etc/exim.cacert.
It may not exist yet, in which case the command below creates it.
    nano /etc/exim.cacert
Important note here.
The file should contain the certificate pasted at the beginning, followed by the intermediate CA certificates.
Once everything has been pasted in carefully, we set the owner of this file.
    chown mail:mail /etc/exim.cacert
The next step is to edit the configuration file exim.conf:
    nano /etc/exim.conf
We find:
    tls_certificate =
and set the whole block as follows:
    #EDIT#23:
    tls_certificate = /etc/exim.certs
    tls_privatekey = /etc/exim.key
    openssl_options = +no_sslv2 +no_sslv3
    tls_require_ciphers = ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP
Almost everything is now in place.
We combine the certificate and the intermediate certificates into the file that exim.conf points to:
    cat /etc/exim.cert > /etc/exim.certs
    cat /etc/exim.cacert >> /etc/exim.certs
    chown mail:mail /etc/exim.certs
The last step is to edit the Dovecot configuration file:
    nano /etc/dovecot/conf/ssl.conf
The file should look like this:
    ssl_cert = </etc/exim.cert
    ssl_key = </etc/exim.key
    ssl_ca = </etc/exim.cacert
    ssl_protocols = !SSLv2 !SSLv3
    ssl_cipher_list = ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP
All that is left is to restart the services.
    service exim restart
    service dovecot restart
That's it 😉
In the mail client settings, enter domena.pl, not mail.domena.pl, as the incoming and outgoing mail server.
Encryption: SSL
Authentication: normal password.
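Because the certificate, key and chain are pasted by hand and then concatenated, it is worth checking the files before restarting Exim and Dovecot. The script below is an added example, not part of the original article: the function names are made up for it, it assumes the openssl command-line tool is installed, and the default paths are the ones used above. A combined file that is out of order or repeats a certificate fails the order check.

```shell
#!/bin/sh
# Added example, not part of the original article. Function names are made up
# for this sketch; the default paths are the ones the article writes to.
# Usage: source this file, then run: check_mail_tls

# PEM public key of the FIRST certificate in a file, and of a private key.
pubkey_of_cert() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null; }
pubkey_of_key()  { openssl pkey -in "$1" -pubout 2>/dev/null; }

# Succeeds when the private key in $2 belongs to the first certificate in $1.
key_matches_cert() {
    c=$(pubkey_of_cert "$1") || return 2
    k=$(pubkey_of_key "$2") || return 2
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# Print the subject hash, then the issuer hash, of each certificate in file order.
bundle_links() {
    awk -v cmd='openssl x509 -noout -subject_hash -issuer_hash 2>/dev/null' '
        /-----BEGIN CERTIFICATE-----/ { buf = ""; incert = 1 }
        incert                        { buf = buf $0 "\n" }
        /-----END CERTIFICATE-----/   { printf "%s", buf | cmd; close(cmd); incert = 0 }
    ' "$1"
}

# Succeeds when every certificate is issued by the one that follows it.
chain_in_order() {
    bundle_links "$1" | awk '
        NR % 2 == 1 && NR > 1 && $1 != issuer { bad = 1 }   # subject line
        NR % 2 == 0 { issuer = $1 }                          # issuer line
        END { exit (NR == 0 || NR % 2 || bad) }'
}

# Run every check; arguments override the article's default paths.
check_mail_tls() {
    cert=${1:-/etc/exim.cert} key=${2:-/etc/exim.key} bundle=${3:-/etc/exim.certs}
    key_matches_cert "$cert" "$key" ||
        { echo "private key does not match $cert"; return 1; }
    key_matches_cert "$bundle" "$key" ||
        { echo "$bundle does not start with the server certificate"; return 1; }
    chain_in_order "$bundle" ||
        { echo "$bundle is out of order or repeats a certificate"; return 1; }
    echo "certificate, key and chain are consistent"
}
```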