# cd /etc/pki/tls/certs/
# make mail.pem
umask 77 ; \
PEM1=`/bin/mktemp /tmp/openssl.XXXXXX` ; \
PEM2=`/bin/mktemp /tmp/openssl.XXXXXX` ; \
/usr/bin/openssl req -utf8 -newkey rsa:2048 -keyout $PEM1 -nodes -x509 -days 365 -out $PEM2 -set_serial 0 ; \
cat $PEM1 > mail.pem ; \
echo "" >> mail.pem ; \
cat $PEM2 >> mail.pem ; \
rm -f $PEM1 $PEM2
Generating a 2048 bit RSA private key
...................................................................................+++
...................+++
writing new private key to '/tmp/openssl.xZLZ4S'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:JP # <= 国名
State or Province Name (full name) []:Shimane # <= 都道府県名
Locality Name (eg, city) [Default City]:Matsue # <= 市区町村名
Organization Name (eg, company) [Default Company Ltd]:mk-mode.com # <= 会社名・サイト名
Organizational Unit Name (eg, section) []: # <= 部署名
Common Name (eg, your name or your server's hostname) []:mail.mk-mode.com # <= ホスト名・管理者名
Email Address []:postmaster@mk-mode.com # <= 管理者メールアドレス
# cd
# SSL/TLS support: yes, no, required. ssl= yes # <= コメント解除(TLS 通信の有効化)# PEM encoded X.509 SSL/TLS certificate and private key. They're opened before# dropping root privileges, so keep the key file unreadable by anyone but# root. Included doc/mkcert.sh can be used to easily generate self-signed# certificate, just make sure to update the domains in dovecot-openssl.cnfssl_cert= </etc/pki/tls/certs/mail.pem # <= 変更(サーバ証明書を指定)ssl_key= </etc/pki/tls/certs/mail.pem # <= 変更(サーバ証明書を指定)
2-2. Dovecot 再起動
123
# /etc/rc.d/init.d/dovecot restart
Dovecot Imap を停止中: [ OK ]
Dovecot Imap を起動中: [ OK ]