On 22/06/21 06:17PM, Reinoud Zandijk wrote:
>
> The imapd daemon looks for the following files to use SSL:
>
>     /etc/openssl/certs/imapd.pem (certificate)
>     /etc/openssl/private/imapd.pem (private key)
>
> and similarly for the ipopd daemon.
>
> ===========================================================================
> Do you know how to create those certificates? And is logging in done anyway?
>

Yes, for imaps and pop3 you need to have the authoritative certificate and key
installed at the specified paths, as stated in the MESSAGE.

Clients will require a trusted cert from a certificate authority, like Let's
Encrypt. You can get one easily with security/py-certbot. (Since the name of
the package depends on the python version used to build it, it's advisable to
install pkgtools/pkg_alternatives, and update the alternatives database, so
that /usr/pkg/bin/certbot will invoke your currently installed version.)

To request a certificate from Let's Encrypt using certbot, for a server
running bozo-httpd:

    # certbot certonly --webroot -w /var/www \
        -d <domain.tld>,<sub1.domain.tld>,<sub1.domain.tld> \
        -m <mail%domain.tld@localhost> --pre-hook "service httpd stop" \
        --post-hook "service httpd start"

You can skip the webroot part and the hook if you don't run a web server.

You can then find your certificate and key at:

    /usr/pkg/etc/letsencrypt/live/<domain.tld>

As `fullchain.pem` and `privkey.pem` respectively.

These will need to be manually symlinked or copied to the aforementioned
locations, which are:

    /etc/openssl/certs/imapd.pem (certificate)
    /etc/openssl/private/imapd.pem (private key)

Then restart inetd, and your IMAP/POP3 server will be up and running with SSL
support.

Regards,
PVO

--
----------------------------+----------------------------
vms[-at]retrobsd.ddns.net   | https://retrobsd.ddns.net
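
One way to do the copy step described in the message above, as an added example that is not part of the original message: a POSIX shell function that checks the private key belongs to the certificate before installing both with restrictive permissions. The function name `install_imapd_cert` and its optional `DEST_ROOT` staging prefix are hypothetical; the key check is skipped when `openssl` is not in PATH.

```shell
#!/bin/sh
# Added example, not from the original message.
# install_imapd_cert LIVE_DIR [DEST_ROOT]
#   LIVE_DIR  : directory holding fullchain.pem and privkey.pem
#   DEST_ROOT : optional prefix for a staging run (hypothetical); empty means /
# e.g. install_imapd_cert "/usr/pkg/etc/letsencrypt/live/<domain.tld>"
install_imapd_cert() {
    live_dir=$1
    dest_root=${2:-}
    cert_src=$live_dir/fullchain.pem
    key_src=$live_dir/privkey.pem
    cert_dst=$dest_root/etc/openssl/certs/imapd.pem
    key_dst=$dest_root/etc/openssl/private/imapd.pem

    for f in "$cert_src" "$key_src"; do
        [ -s "$f" ] || { echo "missing or empty: $f" >&2; return 1; }
    done

    # Refuse to install a key that does not belong to the (leaf) certificate:
    # both commands print the same PEM public key when the pair matches.
    if command -v openssl >/dev/null 2>&1; then
        cert_pub=$(openssl x509 -in "$cert_src" -noout -pubkey 2>/dev/null) || return 2
        key_pub=$(openssl pkey -in "$key_src" -pubout 2>/dev/null) || return 2
        [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ] ||
            { echo "certificate and key do not match" >&2; return 2; }
    fi

    # Write to temporary names first so a failed copy never leaves a
    # half-written file in place; the key is never readable by others.
    (
        umask 077
        mkdir -p "$(dirname "$cert_dst")" "$(dirname "$key_dst")" &&
        cp "$key_src" "$key_dst.new" && chmod 600 "$key_dst.new" &&
        cp "$cert_src" "$cert_dst.new" && chmod 644 "$cert_dst.new" &&
        mv "$key_dst.new" "$key_dst" && mv "$cert_dst.new" "$cert_dst"
    ) || { echo "install failed" >&2; return 3; }
}
```

Because this copies rather than symlinks, it has to be run again after each certificate renewal, followed by the inetd restart.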