Certificate for Qmail

Hi,

I would like to know the process to follow for issuing certificates for my qmail server. Presently we are using self-signed certificates in pem format.

ls -al /var/qmail/control/*.pem
lrwxrwxrwx 1 root root 33 May 20 2017 /var/qmail/control/clientcert.pem -> /var/qmail/control/servercert.pem
-rw------- 1 vpopmail vchkpw 245 Jan 15 05:03 /var/qmail/control/dh1024.pem
-rw------- 1 vpopmail vchkpw 156 Jan 15 05:03 /var/qmail/control/dh512.pem
-rw------- 1 vpopmail vchkpw 493 Jan 15 05:03 /var/qmail/control/rsa512.pem
-rw-r----- 1 vpopmail vchkpw 3176 May 20 2017 /var/qmail/control/servercert.pem

I have used letsencrypt before but for a website, so I am a little confused about how to go about adapting it for qmail. Normally for a site it creates two certificates:

ssl_certificate /etc/letsencrypt/live/domain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/domain.com/privkey.pem;

Over here fullchain.pem can be linked as servercert.pem and clientcert.pem. Would that be right? Are there any other things I need to be careful about or look out for? Any pointers would be great.

Regards,
Neville

I believe that servercert.pem should be in “combined format”:

PRIVATE KEY
CERTIFICATE
INTERMEDIATES

So maybe you can have a --deploy-hook such as:

cat /etc/letsencrypt/live/domain.com/privkey.pem \
/etc/letsencrypt/live/domain.com/fullchain.pem \
> /var/qmail/control/servercert.pem && \
service qmail restart

fullchain.pem and servercert.pem are both in combined format. Is there a different process to issue a certificate for qmail, or will the apache plugin work? I need a cert for only the default domain. I am using apache as well to host vqadmin and qmailadmin on the qmail server.

There’s no separate process or type of certificate for qmail.

You just need to do the one extra step of combining privkey.pem and fullchain.pem into a single file, because that’s what qmail expects (rather than having a separate key and certificate file).
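
A deploy hook along the lines discussed in this thread, as an added example that is not part of any post above: it builds the combined file in a temporary file and renames it into place, so qmail never reads a half-written servercert.pem, and it leaves the old file untouched if either input is not the expected PEM type. The `combine_pem` function name is made up for this example; the owner, group and mode are taken from the `ls` output in the question, and `RENEWED_LINEAGE` is the variable certbot exports to deploy hooks.

```shell
#!/bin/sh
# Added example: certbot deploy hook that builds qmail's combined servercert.pem.
# combine_pem is a hypothetical helper name; paths, owner and mode follow the
# ls output shown in the thread.

# combine_pem KEY CHAIN DEST [OWNER:GROUP]
# Writes KEY followed by CHAIN to DEST atomically. Returns non-zero and leaves
# DEST untouched if an input is missing or is not the expected PEM type.
combine_pem() {
    key=$1 chain=$2 dest=$3 owner=${4:-}

    # Catch swapped or missing inputs before touching the live file.
    grep -q -- '-----BEGIN .*PRIVATE KEY-----' "$key" 2>/dev/null || return 1
    grep -q -- '-----BEGIN CERTIFICATE-----' "$chain" 2>/dev/null || return 1

    # Temp file lives next to DEST so mv is a same-filesystem rename.
    # mktemp creates it with mode 0600, so the key is never world-readable.
    tmp=$(mktemp "${dest}.XXXXXX") || return 1

    if cat "$key" "$chain" > "$tmp" &&
       chmod 640 "$tmp" &&
       { [ -z "$owner" ] || chown "$owner" "$tmp"; } &&
       mv -f "$tmp" "$dest"
    then
        return 0
    fi
    rm -f "$tmp"
    return 1
}

# Runs only when invoked by certbot as a deploy hook.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    combine_pem "$RENEWED_LINEAGE/privkey.pem" "$RENEWED_LINEAGE/fullchain.pem" \
        /var/qmail/control/servercert.pem vpopmail:vchkpw &&
        service qmail restart
fi
```

Because the file is replaced by rename, the existing clientcert.pem symlink to servercert.pem keeps pointing at the current certificate.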
