Todo: DH-Parameter einbinden
Wie in ssl beschrieben Server-Zertifikat bauen
cd /etc/ssl cp /root/server-ssl/servercert.pem certs/ cp /root/server-ssl/serverkey.pem private/ cp /home/ca/ca.*/cacert.pem certs/
chmod 640 private/serverkey.pem #chgrp ssl private/serverkey.pem
/etc/dovecot/conf.d/10-ssl.conf
: ( openSuSE 12.1 )
ssl = yes ssl_cert = </etc/ssl/certs/servercert.pem ssl_key = </etc/ssl/private/serverkey.pem
nc server.example.com 143
..
* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS AUTH=PLAIN] Dovecot ready.
testssl server.example.com:993 testssl --starttls=imap server.example.com:143
openssl s_client -starttls imap -CAfile /etc/ssl/certs/cacert.pem -connect server.example.com:143