CONFIGURING CYRUS WITH SSL
This is very simple. The first step is to create a self-signed key (or you can get your key signed by a CA if you'd like, follow your CA's instructions for this):
openssl req -new -x509 -nodes -out /var/imap/domain1.com/domain1.com.pem -keyout /var/imap/domain1.com/domain1.com.pem -days 999
NOTE: Make sure that you fill in the server's FQD (e.g. mail.domain1.com) for "common name" or mail clients will complain! Now add Diffie-Hellman support:
openssl gendh 512 >>/var/imap/domain1.com/domain1.com.pem
And now check that it looks the way you expect it to:
openssl x509 -subject -dates -fingerprint -noout -in /var/imap/domain1.com/domain1.com.pem
Repeat for each virtual domain. Now we need to tell Cyrus where it's keys are. So edit /etc/cyrus/domain1.com.conf, and add the following lines to the end (if they are not already there):
tls_cert_file: /var/imap/domain1.com/domain1.com.pem
tls_key_file: /var/imap/domain1.com/domain1.com.pem
And repeate for each virtual domain. Now make sure you have the imaps and/or pop3s lines in cyrus.conf there and uncommented, restart Cyrus and you're all set! That brings us to the next section.
Last Updated: 06/23/02
This page is © Phil Dibowitz 2001 - 2004