On 22/06/21 06:17PM, Reinoud Zandijk wrote:
>
> The imapd daemon looks for the following files to use SSL:
>
> /etc/openssl/certs/imapd.pem (certificate)
> /etc/openssl/private/imapd.pem (private key)
>
> and similarly for the ipopd daemon.
>
> ===========================================================================
> Do you know how to create those certificates? And is logging in done anyway?
>
Yes, for imaps and pop3 you need to have the authoritative certificate
and key installed at the specified paths, as stated in the MESSAGE.
Clients will require a trusted cert from a certificate authority, like
Let's Encrypt. You can get one easily with security/py-certbot.
(Since the name of the package depends on the python version used to
build it, it's advisable to install pkgtools/pkg_alternatives, and
update the alternatives database, so that /usr/pkg/bin/certbot will
invoke your currently installed version.)

To request a certificate from Let's Encrypt using certbot, for a server
running bozo-httpd:

    # certbot certonly --webroot -w /var/www \
        -d <domain.tld>,<sub1.domain.tld>,<sub1.domain.tld> \
        -m <mail@domain.tld> --pre-hook "service httpd stop" \
        --post-hook "service httpd start"

You can skip the webroot part and the hook if you don't run a web server.

You can then find your certificate and key at:

    /usr/pkg/etc/letsencrypt/live/<domain.tld>

as `fullchain.pem` and `privkey.pem` respectively.

These will need to be manually symlinked or copied to the aforementioned
locations, which are:

    /etc/openssl/certs/imapd.pem (certificate)
    /etc/openssl/private/imapd.pem (private key)

Then restart inetd, and your IMAP/POP3 server will be up and running
with SSL support.

Regards,
PVO
--
----------------------------+----------------------------
vms[-at]retrobsd.ddns.net | https://retrobsd.ddns.net
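
The copy step described in the reply above, as an added example that is not part of the original message: a certbot deploy hook that installs `fullchain.pem` and `privkey.pem` at the imapd paths, keeps the private key at mode 0600, and replaces each file atomically. The function names are hypothetical, `RENEWED_LINEAGE` is the variable certbot sets for deploy hooks, and `service inetd restart` assumes the same `service` wrapper used in the thread.

```shell
#!/bin/sh
# Added example: install a renewed Let's Encrypt lineage where imapd/ipopd look.
# Paths are the ones named in the thread; the function names are hypothetical.

# is_pem FILE LABEL-REGEX: succeed if FILE is non-empty and has a matching BEGIN line.
is_pem() {
    [ -s "$1" ] && grep -Eq -- "^-----BEGIN ($2)-----\$" "$1"
}

# install_pem SRC DEST MODE: copy via a temp file in DEST's directory so the
# daemon never sees a half-written file and the key is never world-readable.
install_pem() {
    src=$1 dest=$2 mode=$3
    tmp=$(mktemp "$(dirname "$dest")/.pem.XXXXXX") || return 1   # created 0600
    if cat "$src" > "$tmp" && chmod "$mode" "$tmp" && mv -f "$tmp" "$dest"; then
        return 0
    fi
    rm -f "$tmp"
    return 1
}

# install_imapd_cert LIVE_DIR [CERT_DEST] [KEY_DEST]
# Returns 2 if either input does not look like PEM, 1 if a copy fails.
install_imapd_cert() {
    live=$1
    cert_dest=${2:-/etc/openssl/certs/imapd.pem}
    key_dest=${3:-/etc/openssl/private/imapd.pem}
    is_pem "$live/fullchain.pem" 'CERTIFICATE' || { echo "bad certificate" >&2; return 2; }
    is_pem "$live/privkey.pem" '(RSA |EC )?PRIVATE KEY' || { echo "bad key" >&2; return 2; }
    # Key first: a failure here leaves the old certificate and key untouched.
    install_pem "$live/privkey.pem" "$key_dest" 600 || return 1
    install_pem "$live/fullchain.pem" "$cert_dest" 644 || return 1
}

# When run by certbot as a deploy hook, RENEWED_LINEAGE is the live directory.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    install_imapd_cert "$RENEWED_LINEAGE" && service inetd restart
fi
```

Copying rather than symlinking means the installed files only change when this hook runs, so register it with certbot's `--deploy-hook` option to pick up renewals.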