Installing SSL Certificate for the mail server DirectAdmin

Posted on 6 March 201818 October 2018 by Linux

The article described below is a full description of the installation ssl certificate for the mail server.
Description has been prepared for the server panel DirectAdmin.

Assume that each of us has already generated certificate and have 3 files.
certyfikat.crt
klucz.key
certyfikatpośredni.crt

Each publisher certificate should provide just such files, they are necessary to install certificates for both Web and mail server.

edit the necessary files /etc/exim.key:

nano /etc/exim.cert

1	nano /etc/exim.cert

and we paste there our certificate which podejżymy file certyfikat.crt that we got from the publisher.

Edit your /etc/exim.key

nano /etc/exim.key

1	nano /etc/exim.key

and there analogous paste the private key file that podejrzymy klucz.key from the publisher.

Another file is a file /etc/exim.cacert
perhaps it is not so it will create.

nano /etc/exim.cacert

1	nano /etc/exim.cacert

Important note here.

The file should contain pasted at the beginning of the certificate then the intermediate CA certificates.

when all carefully glue we give permission to this file.

chown mail.mail /etc/exim.cacert

1	chown mail.mail /etc/exim.cacert

The next step is to edit the configuration file exim.conf

nano /etc/exim.conf

1	nano /etc/exim.conf

we find:

tls_certificate =

1	tls_certificate =

and set the whole in the following manner:

#EDIT#23:
tls_certificate = /etc/exim.certs
tls_privatekey = /etc/exim.key
openssl_options = +no_sslv2 +no_sslv3
tls_require_ciphers = ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP

#EDIT#23:

tls_certificate = /etc/exim.certs

tls_privatekey = /etc/exim.key

openssl_options = +no_sslv2 +no_sslv3

tls_require_ciphers = ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP

We already have almost everything.
We move all the settings to relevant files:

cat /etc/exim.cert>/etc/exim.certs
cat /etc/exim.cacert>>/etc/exim.certs
chown mail.mail /etc/exim.certs

cat /etc/exim.cert>/etc/exim.certs

cat /etc/exim.cacert>>/etc/exim.certs

chown mail.mail /etc/exim.certs

The last step is to edit the configuration files dovecot

nano /etc/dovecot/conf/ssl.conf

1	nano /etc/dovecot/conf/ssl.conf

The file should look like this:

ssl_cert = </etc/exim.cert
ssl_key = </etc/exim.key
ssl_ca = </etc/exim.cacert

ssl_protocols = !SSLv2 !SSLv3
ssl_cipher_list = ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP

ssl_cert = </etc/exim.cert

ssl_key = </etc/exim.key

ssl_ca = </etc/exim.cacert

ssl_protocols = !SSLv2 !SSLv3

ssl_cipher_list = ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP

Left us a service restart.

service exim restart

1	service exim restart

service dovecot restart

1	service dovecot restart

That's it 😉

In the settings of the mail client as a server incoming and outgoing mail not only give mail.domena.pl domena.pl
SSL encryption
As a normal password authentication.