[debian-lan-devel] Installation report
Jonas Smedegaard
dr at jones.dk
Mon May 6 06:17:18 UTC 2013
Quoting Julien Lambot (2013-05-06 02:11:12)
> This will work a lot better:
> ssl_cert = </etc/dovecot/private/dovecot.pem
> ssl_key = </etc/dovecot/private/dovecot.pem
>
> The private/ directory path was missing
>
> Sorry for the noise on the list. It seems that none of the solutions I proposed
> was good. The CA cert for dovecot is not the right one.
> Is this a known error? It seems there is no script for dovecot certificates
> yet.
>
> I made a quick fix with
> ssl_cert = </etc/dovecot/private/dovecot.crt
> ssl_key = </etc/dovecot/private/dovecot.key

I recommend using the common locations for SSL certs:

  /etc/ssl/private/
  /etc/ssl/certs/

Only for crappy daemons that must use combined private and public certs
should it be needed to store locally at the daemon.

Semi-crappy daemons with inflexible access rights are often handled fine
by adding them to the ssl-cert group (and installing ssl-cert).

I believe host certs should be stored directly at those directories,
whereas CA certs (if you choose to roll your own, or if some new
commercial provider pops up which is not yet included in the
ca-certificates package) should be stored below /usr/local/share as
documented in /usr/share/doc/ca-certificates/README.Debian .

- Jonas
--
* Jonas Smedegaard - idealist & Internet-arkitekt
* Tlf.: +45 40843136 Website: http://dr.jones.dk/
[x] quote me freely [ ] ask before reusing [ ] keep private
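
One way to check an installed pair against the layout recommended in the reply above. This is an added example, not part of the original message or of the Debian-LAN project; it assumes GNU stat and PEM-encoded files, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit a certificate/key pair for the split layout
# (/etc/ssl/certs/ for the cert, /etc/ssl/private/ for the key).
# Function names are hypothetical; paths are supplied by the caller.

# Print the octal permission bits of a file (GNU stat, as shipped on Debian).
file_mode() {
    stat -c '%a' "$1"
}

# audit_tls_pair CERT KEY
# Returns 0 when cert and key are cleanly split and the key is not
# accessible to "other"; otherwise prints one line per finding, returns 1.
audit_tls_pair() {
    cert=$1 key=$2 rc=0

    for f in "$cert" "$key"; do
        if [ ! -r "$f" ]; then
            echo "MISSING: $f is not readable"
            return 1
        fi
    done

    # A private key inside the certificate file means a combined PEM,
    # which must not sit in the world-readable /etc/ssl/certs/.
    if grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$cert"; then
        echo "COMBINED: $cert contains a private key"
        rc=1
    fi

    if ! grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$key"; then
        echo "NOKEY: $key holds no PEM private key"
        rc=1
    fi

    # Last octal digit = permissions for "other"; must be 0 for key material.
    mode=$(file_mode "$key")
    case $mode in
        *0) ;;
        *)  echo "PERMS: $key is mode $mode, accessible to all users"
            rc=1 ;;
    esac

    return $rc
}

# Stand-alone use: sh audit.sh /etc/ssl/certs/host.pem /etc/ssl/private/host.key
if [ "$#" -eq 2 ]; then
    audit_tls_pair "$1" "$2"
fi
```

A key that passes still needs the right owner and group (for example root:ssl-cert with mode 0640), which this check does not inspect.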