[CentOS] Ignorant question on SSL certs

Tue Mar 3 19:18:58 UTC 2015
Timothy Murphy <gayleard at eircom.net>

Greg Bailey wrote:

>> I'm really just asking if I cannot just use what I take to be
>> the standard openssl certificate and key in /etc/pki/tls/
>> Do I really have to create up a special cert for dovecot?

> There's not really a "standard" SSL certificate.  Perhaps you're
> referring to a "default" certificate used by the webserver?

No. I should have said "standard locate".
I think both Fedora and CentOS create the folders
/etc/pki/tls/{certs,private},
so I assume this means that certs and keys should be store there.

> What I typically do is get a real, but free, SSL certificate from some
> place like StartSSL (www.startssl.com), and then copy the key and
> certificate to the location that's specified for use by dovecot.

My question exactly - is there any reason why one should not do that?
Or even more simply, give the locations /etc/pki/tls/{certs,private}
in /etc/dovecot/conf.d/10-ssl.conf ?

-- 
Timothy Murphy  
gayleard /at/ eircom.net
School of Mathematics, Trinity College, Dublin