This is very simple. The first step is to create a self-signed key (or you can get your key signed by a CA if you'd like, follow your CA's instructions for this):
openssl req -new -x509 -nodes -out /var/imap/ -keyout /var/imap/ -days 999

NOTE: Make sure that you fill in the server's FQD (e.g. for "common name" or mail clients will complain! Now add Diffie-Hellman support:
openssl gendh 512 >>/var/imap/

And now check that it looks the way you expect it to:
openssl x509 -subject -dates -fingerprint -noout -in /var/imap/

Repeat for each virtual domain. Now we need to tell Cyrus where it's keys are. So edit /etc/cyrus/, and add the following lines to the end (if they are not already there):
tls_cert_file: /var/imap/
tls_key_file: /var/imap/

And repeate for each virtual domain. Now make sure you have the imaps and/or pop3s lines in cyrus.conf there and uncommented, restart Cyrus and you're all set! That brings us to the next section.

Last Updated: 06/23/02

This page is © Phil Dibowitz 2001 - 2004