Installing SSL Certificate for the mail server DirectAdmin

Posted on by

The article described below is a full description of the installation ssl certificate for the mail server.
Description has been prepared for the server panel DirectAdmin.

Assume that each of us has already generated certificate and have 3 files.
certyfikat.crt
klucz.key
certyfikatpośredni.crt

Each publisher certificate should provide just such files, they are necessary to install certificates for both Web and mail server.

edit the necessary files /etc/exim.key:

1
nano /etc/exim.cert

and we paste there our certificate which podejżymy file certyfikat.crt that we got from the publisher.

Edit your /etc/exim.key

1
nano /etc/exim.key

and there analogous paste the private key file that podejrzymy klucz.key from the publisher.

Another file is a file /etc/exim.cacert
perhaps it is not so it will create.

1
nano /etc/exim.cacert

Important note here.

The file should contain pasted at the beginning of the certificate then the intermediate CA certificates.

when all carefully glue we give permission to this file.

1
chown mail.mail /etc/exim.cacert

The next step is to edit the configuration file exim.conf

1
nano /etc/exim.conf

we find:

1
tls_certificate =

and set the whole in the following manner:

1
2
3
4
5
#EDIT#23:
tls_certificate = /etc/exim.certs
tls_privatekey = /etc/exim.key
openssl_options = +no_sslv2 +no_sslv3
tls_require_ciphers = ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP

We already have almost everything.
We move all the settings to relevant files:

1
2
3
cat /etc/exim.cert>/etc/exim.certs
cat /etc/exim.cacert>>/etc/exim.certs
chown mail.mail /etc/exim.certs

The last step is to edit the configuration files dovecot

1
nano /etc/dovecot/conf/ssl.conf

The file should look like this:

1
2
3
4
5
6
ssl_cert = </etc/exim.cert
ssl_key = </etc/exim.key
ssl_ca = </etc/exim.cacert
 
ssl_protocols = !SSLv2 !SSLv3
ssl_cipher_list = ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP

Left us a service restart.

1
service exim restart

1
service dovecot restart

That's it 😉

In the settings of the mail client as a server incoming and outgoing mail not only give mail.domena.pl domena.pl
SSL encryption
As a normal password authentication.

How useful this post was?

Click on the star, to evaluate it!

Average grade / 5. number of votes:

So far, no votes! Be the first to rate this post.