SSL cert location
authorJaldhar H. Vyas <jaldhar@debian.org>
Tue, 25 Sep 2012 05:12:07 +0000 (01:12 -0400)
committerNoah Meyerhans <noahm@debian.org>
Sat, 17 Aug 2024 17:26:24 +0000 (13:26 -0400)
Last-Update: Sun, 30 Nov 2014 23:59:07 -0500
Bug: #608719

Move dovecot's generated X.509 certificate out of /etc/ssl, where
it doesn't belong.

Gbp-Pq: Name ssl-cert-location.patch

doc/example-config/conf.d/10-ssl.conf
doc/mkcert.sh

index ad8476649f4b7b613a64fd8ae23800c78bc75468..4867a073e732947e6456778e78c06b09417a447d 100644 (file)
@@ -3,14 +3,14 @@
 ##
 
 # SSL/TLS support: yes, no, required. <doc/wiki/SSL.txt>
-#ssl = yes
+ssl = yes
 
 # PEM encoded X.509 SSL/TLS certificate and private key. They're opened before
 # dropping root privileges, so keep the key file unreadable by anyone but
 # root. Included doc/mkcert.sh can be used to easily generate self-signed
 # certificate, just make sure to update the domains in dovecot-openssl.cnf
-ssl_cert = </etc/ssl/certs/dovecot.pem
-ssl_key = </etc/ssl/private/dovecot.pem
+ssl_cert = </etc/dovecot/private/dovecot.pem
+ssl_key = </etc/dovecot/private/dovecot.key
 
 # If key file is password protected, give the password here. Alternatively
 # give it when starting dovecot with -p parameter. Since this file is often
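Review bot: The new paths `ssl_cert = </etc/dovecot/private/dovecot.pem` and `ssl_key = </etc/dovecot/private/dovecot.key` do not match the doc/mkcert.sh hunk of this same commit, which sets both `CERTDIR` and `KEYDIR` to `/etc/dovecot/ssl`. With `ssl = yes` now uncommented, a certificate generated by mkcert.sh with its defaults would be written where this configuration does not look, so Dovecot would presumably fail to load it. One side should be changed to agree, for example `CERTDIR=/etc/dovecot/private` and `KEYDIR=/etc/dovecot/private` in mkcert.sh. Because the private key now sits beside the certificate, the comment above these settings could also state the expected directory permissions, e.g. `# /etc/dovecot/private should be owned by root and not readable by others`; whether the package creates it that way is not visible here.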
@@ -33,6 +33,7 @@ ssl_key = </etc/ssl/private/dovecot.pem
 # RedHat-based systems. Note that ssl_client_ca_file isn't recommended with
 # large CA bundles, because it leads to excessive memory usage.
 #ssl_client_ca_dir =
+ssl_client_ca_dir = /etc/ssl/certs
 #ssl_client_ca_file =
 
 # Require valid cert when connecting to a remote server
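Review bot: The added `ssl_client_ca_dir = /etc/ssl/certs` changes which CAs Dovecot trusts for outgoing TLS connections, yet it has no comment of its own and the commit description mentions only moving the generated certificate. The commented-out default `#ssl_client_ca_dir =` directly above is left in place, so the file now shows the setting twice. I would drop the empty default and document the active line, e.g. `# Debian: use the system CA store to verify remote servers`. Whether remote certificates are actually required to validate is controlled by the option after the final context line, whose value is outside this hunk.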
index f7e484cf4d4e7710f5a0fbfee20810ada8cf45f5..efcf85ed2dd0c1a3b8d8cca86584da498a7f80bb 100644 (file)
@@ -8,19 +8,19 @@ OPENSSL=${OPENSSL-openssl}
 SSLDIR=${SSLDIR-/etc/ssl}
 OPENSSLCONFIG=${OPENSSLCONFIG-dovecot-openssl.cnf}
 
-CERTDIR=$SSLDIR/certs
-KEYDIR=$SSLDIR/private
+CERTDIR=/etc/dovecot/ssl
+KEYDIR=/etc/dovecot/ssl
 
 CERTFILE=$CERTDIR/dovecot.pem
-KEYFILE=$KEYDIR/dovecot.pem
+KEYFILE=$KEYDIR/dovecot.key
 
 if [ ! -d $CERTDIR ]; then
-  echo "$SSLDIR/certs directory doesn't exist"
+  echo "$CERTDIR directory doesn't exist"
   exit 1
 fi
 
 if [ ! -d $KEYDIR ]; then
-  echo "$SSLDIR/private directory doesn't exist"
+  echo "$KEYDIR directory doesn't exist"
   exit 1
 fi