Once I've obtained free certificates from Let's Encrypt, preferrably with dehydrated on FreeBSD, I'm going to modify Postfix's config file so they can be used to secure SMTP traffic.
Once I've obtained free certificates from Let's Encrypt, preferrably with dehydrated on FreeBSD, I'm going to modify Dovecot's config file so they can be used to secure POP and IMAP traffic.
Once I've obtained free SSL certificates from Let's Encrypt, preferrably wildcard ones, as described in another article here at Mimar - Let's Encrypt Wildcard Certificates On FreeBSD With BIND DNS Validation - I'm going to combine them into single PFX file so it can be used by Microsoft Exchange to secure IMAP, SMTP, POP and IIS services.
As of ejabberd-17.11, configuration option certfile, which should point to combined PEM file which consists of private key, server certificate and intermediate certificate(s), was replaced with configuration option certfiles, which should point to directory which holds private key, server certificate, and intermediate certificate(s) in separate PEM files. Also, ca_file configuration option was introduced, which should point to "trusted root certificate bundle".
For ejabberd-17.11 and newer, configuration is similar to:
### ======= CERTIFICATES ======== ###
certfiles:
- "/etc/ssl/certs/live/mimar.rs/*.pem"
ca_file: "/usr/local/etc/ssl/cert.pem"Contrary to StartSSL’s FAQ, it is now possible for authenticated users to submit certificate requests (CSRs) for client (S/MIME) certificates. However, certificates are issued in PEM format, while most browsers and mail clients prefer PKCS#12 format. This article describes steps to create private key and corresponding certificate request, as well as how to create PKCS#12 file after obtaining signed client certificate.