This page shows the differences between two versions.
lpi2:dovecot-ssl [2015/05/21 09:41] |
lpi2:dovecot-ssl [2022/12/24 10:53] (current) |
||
---|---|---|---|
Line 1: | Line 1: | ||
+ | Todo: DH-Parameter einbinden | ||
+ | |||
+ | ====== Vorraussetzungen ====== | ||
+ | * Einfache [[dovecot-imapd]] Installation | ||
+ | * [[ssl]] Zertifikat erzeugt | ||
+ | * Korrektes [[bind|DNS]] | ||
+ | * Korrekte [[zeitserver|Uhrzeiten]] auf allen Rechnern | ||
+ | |||
+ | ====== SSL / TLS für Dovecot ====== | ||
+ | ===== Server-Zertifikat für verschlüsselte Verbindungen ===== | ||
+ | Wie in [[ssl]] beschrieben Server-Zertifikat bauen | ||
+ | |||
+ | === openSuSE 12.1 === | ||
+ | cd /etc/ssl | ||
+ | cp /root/server-ssl/servercert.pem certs/ | ||
+ | cp /root/server-ssl/serverkey.pem private/ | ||
+ | cp /home/ca/ca.*/cacert.pem certs/ | ||
+ | |||
+ | chmod 640 private/serverkey.pem | ||
+ | #chgrp ssl private/serverkey.pem | ||
+ | |||
+ | ==== Dovecot konfigurieren ==== | ||
+ | https://ssl-config.mozilla.org/#server=dovecot&version=2.3.9&config=intermediate&openssl=1.1.1k&guideline=5.6 | ||
+ | |||
+ | ''/etc/dovecot/conf.d/10-ssl.conf'' : ( openSuSE 12.1 ) | ||
+ | <file> | ||
+ | ssl = yes | ||
+ | |||
+ | ssl_cert = </etc/ssl/certs/servercert.pem | ||
+ | ssl_key = </etc/ssl/private/serverkey.pem | ||
+ | </file> | ||
+ | |||
+ | ==== testen === | ||
+ | === nc === | ||
+ | nc server.example.com 143 | ||
+ | .. | ||
+ | <file> | ||
+ | * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS AUTH=PLAIN] Dovecot ready. | ||
+ | </file> | ||
+ | === testssl === | ||
+ | testssl server.example.com:993 | ||
+ | testssl --starttls=imap server.example.com:143 | ||
+ | |||
+ | === openssl === | ||
+ | openssl s_client -starttls imap -CAfile /etc/ssl/certs/cacert.pem -connect server.example.com:143 | ||
+ | |||
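Review bot: In the 10-ssl.conf block, `ssl = yes` leaves TLS optional, and the sample banner under the nc test advertises AUTH=PLAIN next to STARTTLS with no LOGINDISABLED, which suggests that plaintext logins are accepted on port 143 before the connection is encrypted (unless that banner was captured from a connection Dovecot treats as trusted). Consider `ssl = required` and a check of `disable_plaintext_auth`, so the documented setup does not accept credentials in the clear. The file also sets only `ssl_cert` and `ssl_key`, while the Mozilla generator link above it targets Dovecot 2.3.9 and the block is labelled openSuSE 12.1; state which Dovecot version the settings are for, and resolve the "Todo: DH-Parameter einbinden" line at the top with the protocol, cipher and DH settings that match that version. In the copy steps, `chgrp ssl` is commented out, so `chmod 640 private/serverkey.pem` leaves the key readable by whatever group the copied file ended up with; either set the group explicitly or use a mode without group access. Minor: the heading `==== testen ===` has unbalanced markers, and "Vorraussetzungen" should be spelled "Voraussetzungen".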