TLS - Cyrus

Last updated 2018-01-29

mkdir /var/imap/<server>

When you apply for a cert, you must send the registrar a “csr” file.  As a part of generating the csr, you will create a private key. Save both of these files in the directory /var/imap/<server>.

cd /var/imap/<server name goes here>/

1. Create the directory to store info in.
mkdir /var/imap/<server name goes here>

2. Copy your files to this dir.

3. Convert your cert to pem files
A. For self signed certs
cd /var/imap/<server name goes here>
openssl req -new -nodes -out req.pem -keyout key.pem
openssl rsa -in key.pem -out new.key.pem
openssl x509 -in req.pem -out ca-cert -req \
-signkey new.key.pem -days 999 
B. For certs from GoDaddy and Network Solutions
Create the needed subdirectories.
mkdir /var/imap/<server>/cafile
mkdir /var/imap/<server>/pub-key
mkdir /var/imap/<server>/priv-key

cd /var/imap/<server>/
Copy the certs to this dir and unzip the GoDaddy cert file.
openssl x509 -outform PEM -in gd-whatever.crt -out /var/imap/<server>/cafile/cafile.crt.pem
openssl x509 -outform PEM -in 6fwhatever.crt -out /var/imap/<server>/pub-key/pub-key.crt.pem
openssl rsa -outform PEM -in priv-key.crt -out /var/imap/<server>/priv-key/priv-key.crt.pem
4. Fix security
chown cyrus:mail /var/imap/<server>/priv-key/priv-key.crt.pem
chmod 600 /var/imap/<server>/priv-key/priv-key.crt.pem # Your key should be protected

5. Fix /etc/imapd.conf
tls_ca_file: /var/imap/<server>/cafile/cafile.crt.pem 
tls_cert_file: /var/imap/<server>/pub-key/pub-key.crt.pem 
tls_key_file: /var/imap/<server>/priv-key/priv-key.crt.pem

6. systemctl start cyrus-imapd
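
A pre-flight check to run before the start command in step 6, as an added example that is not part of the original page: it confirms that the key matches the certificate, that the certificate is unexpired and verifies against the CA file, and that the key carries no group or other permissions. The script name, function name and argument order are assumptions; pass the three paths set in /etc/imapd.conf.

```shell
#!/bin/sh
# Added example (not from the original page): pre-flight check for the
# three PEM files named in /etc/imapd.conf.
# Usage (assumed script name): sh check_tls.sh CERT KEY CAFILE

check_tls_files() {
    cert=$1; key=$2; cafile=$3; rc=0

    for f in "$cert" "$key" "$cafile"; do
        [ -r "$f" ] || { echo "FAIL: cannot read $f" >&2; return 2; }
    done

    # 1. tls_cert_file and tls_key_file must hold the same public key.
    #    -passin pass: keeps openssl from prompting; an encrypted key fails here.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -passin pass: -pubout 2>/dev/null)
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: $key does not match $cert" >&2; rc=1
    fi

    # 2. The certificate must not already be expired.
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1 ||
        { echo "FAIL: $cert is expired or unreadable" >&2; rc=1; }

    # 3. The certificate must chain to something in tls_ca_file.
    openssl verify -CAfile "$cafile" "$cert" >/dev/null 2>&1 ||
        { echo "FAIL: $cert does not verify against $cafile" >&2; rc=1; }

    # 4. The private key must carry no group or other permission bits.
    case $(ls -ld "$key") in
        ????------*) ;;
        *) echo "FAIL: $key is accessible to group or other" >&2; rc=1 ;;
    esac

    return $rc
}

# Run the check only when called with the three paths.
if [ "$#" -eq 3 ]; then
    check_tls_files "$@"
fi
```

A non-zero exit status means at least one check failed; the FAIL lines on stderr say which.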

