ka
/
ansible-role-dovecot
1
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
20 Commits
1 Branch
65KB
Tree: 842a97e253
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '842a97e253'
${ noResults }
ansible-role-dovecot/templates/conf.d/10-ssl.conf.j2

10-ssl.conf.j2 2.2KB
Raw Normal View History

ssl config
7 years ago
use default snakeoil certificate
7 years ago
ssl config
7 years ago
use default snakeoil certificate
7 years ago
ssl config
7 years ago
use default snakeoil certificate
7 years ago
ssl config
7 years ago
 1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162 
  1. ##

  2. ## SSL settings

  3. ##

  4. 

  5. # SSL/TLS support: yes, no, required. <doc/wiki/SSL.txt>

  6. ssl = yes

  7. 

  8. # PEM encoded X.509 SSL/TLS certificate and private key. They're opened before

  9. # dropping root privileges, so keep the key file unreadable by anyone but

  10. # root. Included doc/mkcert.sh can be used to easily generate self-signed

  11. # certificate, just make sure to update the domains in dovecot-openssl.cnf

  12. ssl_cert = </etc/ssl/certs/ssl-cert-snakeoil.pem

  13. ssl_key = </etc/ssl/private/ssl-cert-snakeoil.key

  14. 

  15. # If key file is password protected, give the password here. Alternatively

  16. # give it when starting dovecot with -p parameter. Since this file is often

  17. # world-readable, you may want to place this setting instead to a different

  18. # root owned 0600 file by using ssl_key_password = <path.

  19. #ssl_key_password =

  20. 

  21. # PEM encoded trusted certificate authority. Set this only if you intend to use

  22. # ssl_verify_client_cert=yes. The file should contain the CA certificate(s)

  23. # followed by the matching CRL(s). (e.g. ssl_ca = </etc/ssl/certs/ca.pem)

  24. #ssl_ca =

  25. 

  26. # Require that CRL check succeeds for client certificates.

  27. #ssl_require_crl = yes

  28. 

  29. # Directory and/or file for trusted SSL CA certificates. These are used only

  30. # when Dovecot needs to act as an SSL client (e.g. imapc backend). The

  31. # directory is usually /etc/ssl/certs in Debian-based systems and the file is

  32. # /etc/pki/tls/cert.pem in RedHat-based systems.

  33. #ssl_client_ca_dir =

  34. #ssl_client_ca_file =

  35. 

  36. # Request client to send a certificate. If you also want to require it, set

  37. # auth_ssl_require_client_cert=yes in auth section.

  38. #ssl_verify_client_cert = no

  39. 

  40. # Which field from certificate to use for username. commonName and

  41. # x500UniqueIdentifier are the usual choices. You'll also need to set

  42. # auth_ssl_username_from_cert=yes.

  43. #ssl_cert_username_field = commonName

  44. 

  45. # DH parameters length to use.

  46. #ssl_dh_parameters_length = 1024

  47. 

  48. # SSL protocols to use

  49. #ssl_protocols = !SSLv3

  50. 

  51. # SSL ciphers to use

  52. #ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP:!aNULL

  53. 

  54. # Prefer the server's order of ciphers over client's.

  55. #ssl_prefer_server_ciphers = no

  56. 

  57. # SSL crypto device to use, for valid values run "openssl engine"

  58. #ssl_crypto_device =

  59. 

  60. # SSL extra options. Currently supported options are:

  61. #   no_compression - Disable compression.

  62. #ssl_options =