CONFIGURING CYRUS WITH SSL

This is very simple. The first step is to create a self-signed certificate and key (or you can have your certificate signed by a CA if you'd like; follow your CA's instructions for this):
openssl req -new -x509 -nodes -out /var/imap/domain1.com/domain1.com.pem -keyout /var/imap/domain1.com/domain1.com.pem -days 999

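NOTE: Make sure that you fill in the server's FQDN (e.g. mail.domain1.com) for "common name" or mail clients will complain! Now add Diffie-Hellman support (later OpenSSL releases removed gendh in favour of dhparam, and 512-bit parameters are too weak to use, so generate 2048-bit ones):
openssl dhparam 2048 >>/var/imap/domain1.com/domain1.com.pem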

And now check that it looks the way you expect it to:
openssl x509 -subject -dates -fingerprint -noout -in /var/imap/domain1.com/domain1.com.pem

Repeat for each virtual domain. Now we need to tell Cyrus where its keys are. So edit /etc/cyrus/domain1.com.conf, and add the following lines to the end (if they are not already there):
tls_cert_file: /var/imap/domain1.com/domain1.com.pem
tls_key_file: /var/imap/domain1.com/domain1.com.pem

And repeat for each virtual domain. Now make sure the imaps and/or pop3s lines are present and uncommented in cyrus.conf, restart Cyrus and you're all set! That brings us to the next section.
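
A check for the finished setup, as an added example that is not part of the original page: it reads the tls_cert_file and tls_key_file lines from a domain's config and confirms that the PEM file holds a certificate, a private key and DH parameters, and that the unencrypted key is not accessible to other users. The helper names check_domain_tls and has_block are hypothetical, and the "no access for others" rule is an assumption about local policy.

```sh
#!/bin/sh
# Added example, not from the original page. check_domain_tls and has_block
# are hypothetical helper names. Findings are printed; exit status 0 = clean.

has_block() { grep -q -e "-----BEGIN .*$2-----" "$1"; }

check_domain_tls() {
    conf=$1
    rc=0
    for opt in tls_cert_file tls_key_file; do
        # Value of the last "option: value" line for this option
        pem=$(sed -n "s/^${opt}:[[:space:]]*//p" "$conf" 2>/dev/null | tail -n 1)
        if [ -z "$pem" ]; then
            echo "FAIL $conf: $opt is not set"; rc=1; continue
        fi
        if [ ! -f "$pem" ]; then
            echo "FAIL $conf: $opt points at missing file $pem"; rc=1; continue
        fi
        if [ "$opt" = tls_cert_file ]; then
            has_block "$pem" 'CERTIFICATE' ||
                { echo "FAIL $pem: no certificate block"; rc=1; }
            # The page appends the DH parameters to the certificate file
            has_block "$pem" 'DH PARAMETERS' ||
                { echo "FAIL $pem: no DH parameters block"; rc=1; }
        else
            has_block "$pem" 'PRIVATE KEY' ||
                { echo "FAIL $pem: no private key block"; rc=1; }
            # -nodes leaves the key unencrypted on disk, so "other" must have
            # no access: characters 8-10 of the ls -l mode string.
            other=$(ls -lLd "$pem" | cut -c8-10)
            if [ "$other" != "---" ]; then
                echo "FAIL $pem: key file mode grants others '$other'"; rc=1
            fi
        fi
    done
    [ "$rc" -eq 0 ] && echo "OK   $conf"
    return "$rc"
}

# Audit every config given on the command line, e.g. /etc/cyrus/*.conf
failed=0
for c in "$@"; do check_domain_tls "$c" || failed=1; done
[ "$failed" -eq 0 ]
```

Run it with one config path per virtual domain; it exits non-zero if any domain fails a check.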




Last Updated: 06/23/02

This page is © Phil Dibowitz 2001 - 2004