API tools faq
paste
BryCom12

10-ssl.conf

BryCom12
Dec 11th, 2014
38
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 2.33 KB | None | 0 0
raw download clone embed print report
  1. ##
  2. ## SSL settings
  3. ##
  4.  
  5. # SSL/TLS support: yes, no, required. <doc/wiki/SSL.txt>
  6. # disable plain pop3 and imap, allowed are only pop3+TLS, pop3s, imap+TLS and imaps
  7. # plain imap and pop3 are still allowed for local connections
  8. ssl = no
  9.  
  10. # PEM encoded X.509 SSL/TLS certificate and private key. They're opened before
  11. # dropping root privileges, so keep the key file unreadable by anyone but
  12. # root. Included doc/mkcert.sh can be used to easily generate self-signed
  13. # certificate, just make sure to update the domains in dovecot-openssl.cnf
  14. ssl_cert = </etc/pki/dovecot/certs/dovecot.pem
  15. ssl_key = </etc/pki/dovecot/private/dovecot.pem
  16.  
  17. # If key file is password protected, give the password here. Alternatively
  18. # give it when starting dovecot with -p parameter. Since this file is often
  19. # world-readable, you may want to place this setting instead to a different
  20. # root owned 0600 file by using ssl_key_password = <path.
  21. #ssl_key_password =
  22.  
  23. # PEM encoded trusted certificate authority. Set this only if you intend to use
  24. # ssl_verify_client_cert=yes. The file should contain the CA certificate(s)
  25. # followed by the matching CRL(s). (e.g. ssl_ca = </etc/pki/dovecot/certs/ca.pem)
  26. #ssl_ca =
  27.  
  28. # Require that CRL check succeeds for client certificates.
  29. #ssl_require_crl = yes
  30.  
  31. # Directory and/or file for trusted SSL CA certificates. These are used only
  32. # when Dovecot needs to act as an SSL client (e.g. imapc backend). The
  33. # directory is usually /etc/pki/dovecot/certs in Debian-based systems and the file is
  34. # /etc/pki/tls/cert.pem in RedHat-based systems.
  35. #ssl_client_ca_dir =
  36. #ssl_client_ca_file =
  37.  
  38. # Request client to send a certificate. If you also want to require it, set
  39. # auth_ssl_require_client_cert=yes in auth section.
  40. #ssl_verify_client_cert = no
  41.  
  42. # Which field from certificate to use for username. commonName and
  43. # x500UniqueIdentifier are the usual choices. You'll also need to set
  44. # auth_ssl_username_from_cert=yes.
  45. #ssl_cert_username_field = commonName
  46.  
  47. # DH parameters length to use.
  48. #ssl_dh_parameters_length = 1024
  49.  
  50. # SSL protocols to use
  51. #ssl_protocols = !SSLv2
  52.  
  53. # SSL ciphers to use
  54. #ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP:!aNULL
  55.  
  56. # Prefer the server's order of ciphers over client's.
  57. #ssl_prefer_server_ciphers = no
  58.  
  59. # SSL crypto device to use, for valid values run "openssl engine"
  60. #ssl_crypto_device =
Advertisement
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!