I'm in the process of upgrading my email system from a relatively simple qmail+POP3 setup to a qmail+vpopmail+IMAP+POP3+webmail monster. If you're interested, I've put my notes up at http://www.differentpla.net/node/view/165
Anyway, I'm into the final stages. I've got everything working on my test box the way that I want it. The last thing to do before I upgrade my "production" box in the same way is to make everything nice and secure. This includes HTTPS for webmail; IMAPS, POP3S and (possibly) SMTP-TLS for email.
I've got HTTPS working (I'm going to use a self-CA signed certificate, since I have control over which clients attempt to connect).
My question is this: when I went to set up another certificate for IMAPS, the sign.sh script (from mod_ssl) complained because I used the same details as the HTTPS key. Do I need a separate certificate, or should I just point BincIMAP at the certificate that Apache is using?
Cheers, Roger.
Hi Roger,
I use the same cert for both POP3 (stunnel), Apache (mod_ssl), IMAP (Binc), and SMTP(starttls patch); I just placed it in my qmail/controls dir... But remember to make sure the different UIDs can access it. If the script complains, you might want to create it manually with openssl. There're some guides at the LifeWithBincImap web site.
Good luck!
Anders
