From: Jaldhar H. Vyas <jaldhar@debian.org>
Date: Tue, 25 Sep 2012 01:12:07 -0400
Last-Update: Sun, 30 Nov 2014 23:59:07 -0500
Subject: SSL cert location
Description: Move Dovecot's generated X.509 certificate out of /etc/ssl, where
it doesn't belong. Turn off ssl by default.
Bug: #608719
---
doc/example-config/conf.d/10-ssl.conf | 6 ++--
doc/mkcert.sh | 4 ++--
2 files changed, 5 insertions(+), 5 deletions(-)
--- a/doc/example-config/conf.d/10-ssl.conf
+++ b/doc/example-config/conf.d/10-ssl.conf
@@ -3,14 +3,14 @@
##
# SSL/TLS support: yes, no, required. <doc/wiki/SSL.txt>
-#ssl = yes
+ssl = yes
# PEM encoded X.509 SSL/TLS certificate and private key. They're opened before
# dropping root privileges, so keep the key file unreadable by anyone but
# root. Included doc/mkcert.sh can be used to easily generate self-signed
# certificate, just make sure to update the domains in dovecot-openssl.cnf
-ssl_cert = </etc/ssl/certs/dovecot.pem
-ssl_key = </etc/ssl/private/dovecot.pem
+ssl_cert = </etc/dovecot/private/dovecot.pem
+ssl_key = </etc/dovecot/private/dovecot.key
# If key file is password protected, give the password here. Alternatively
# give it when starting dovecot with -p parameter. Since this file is often
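Review bot: The `ssl_cert` and `ssl_key` paths added here point at `/etc/dovecot/private/`, but the doc/mkcert.sh hunk in this same patch sets `CERTDIR` and `KEYDIR` to `/etc/dovecot/ssl`, so a certificate generated by the script would not be where this configuration reads it. With `ssl = yes` now uncommented, a missing certificate or key at the configured path will likely stop the service from starting rather than be ignored. Pick one directory and use it in both places, for example `CERTDIR=/etc/dovecot/private` and `KEYDIR=/etc/dovecot/private` in mkcert.sh. The description also says SSL is turned off by default, while the new line enables it explicitly; one of the two should be corrected.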
@@ -31,7 +31,7 @@
# submission service). The directory is usually /etc/ssl/certs in
# Debian-based systems and the file is /etc/pki/tls/cert.pem in
# RedHat-based systems.
-#ssl_client_ca_dir =
+ssl_client_ca_dir = /etc/ssl/certs
#ssl_client_ca_file =
# Request client to send a certificate. If you also want to require it, set
--- a/doc/mkcert.sh
+++ b/doc/mkcert.sh
@@ -8,19 +8,19 @@
SSLDIR=${SSLDIR-/etc/ssl}
OPENSSLCONFIG=${OPENSSLCONFIG-dovecot-openssl.cnf}
-CERTDIR=$SSLDIR/certs
-KEYDIR=$SSLDIR/private
+CERTDIR=/etc/dovecot/ssl
+KEYDIR=/etc/dovecot/ssl
CERTFILE=$CERTDIR/dovecot.pem
-KEYFILE=$KEYDIR/dovecot.pem
+KEYFILE=$KEYDIR/dovecot.key
if [ ! -d $CERTDIR ]; then
- echo "$SSLDIR/certs directory doesn't exist"
+ echo "$CERTDIR directory doesn't exist"
exit 1
fi
if [ ! -d $KEYDIR ]; then
- echo "$SSLDIR/private directory doesn't exist"
+ echo "$KEYDIR directory doesn't exist"
exit 1
fi
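Review bot: `CERTDIR` and `KEYDIR` are now fixed strings, so the `SSLDIR` override kept on the first context line no longer affects where the certificate and key are written, at least in the lines visible here. If an override is still wanted, keep the environment-default form used for the other variables: `CERTDIR=${CERTDIR-/etc/dovecot/ssl}` and `KEYDIR=${KEYDIR-/etc/dovecot/ssl}`. Because the private key now shares a directory with the certificate, the modes of that directory and of the key file are what keep the key unreadable by other users; the part of the script that writes the files is outside this hunk, so confirm it creates the key with owner-only permissions. The two `-d` tests would also be safer with the variables quoted, `[ ! -d "$CERTDIR" ]`.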