Create a Certificate Signing Request for Dovecot IMAP Server

In order to generate a CSR on Dovecot IMAP Server, please follow these steps.

Step 1: Generating the Key Pair

    1. The utility "OpenSSL" is used to generate both Private Key (key) and Certificate Signing request (CSR). OpenSSL is usually installed under /usr/local/ssl/bin. If you have a custom install, you will need to adjust these instructions appropriately.

  1. Type the following command at the prompt in OpenSSL:
    genrsa –des3 –out www.mydomain.com.key 2048

    Note: If you do not wish to use a Pass Phrase, do not use the -des3 command. It will however leave the private key unprotected.

  2. Enter the PEM Pass Phrase (This MUST be remembered)

Step 2: Generating the CSR

    1. Type the following command at the prompt in OpenSSL:
      req –new –key www.mydomain.com.key –out www.mydomain.com.csr

      Note: You will be prompted for the PEM Pass Phrase if you included the "-des3" command. Type it in now.

      NOTE: There is a known issue with Apache/OpenSSL Windows Based Installations. If you recieve an error with the above command, Please enter the following:
      req -new -key www.mydomain.com.key -out www.mydomain.com.csr -config openssl.cnf

    2. Input the information for the Certificate Signing Request. This information will be displayed in the certificate.

      Common Name – Must match the URL you plan to secure exactly – is usually your fully-qualified domain name (e.g. devel.ssl247.co.uk or mail.devel.ssl247.co.uk). Remember the www. Is important – include it if you want to secure https://www.yoursite.com & exclude it if you want to secure https://yoursite.com.
      Organisation - The legal (officially registered) name of your organization/company include Inc., LLP., Pvt, Plc. Ltd. SARL., etc.
      Organisational unit - The name of your department within the organization (this is often "IT," "Web," or is just left blank).
      City/locality - The city or town in which your organization is located.
      State/province - The state in which your organization is located.
      Country - Click here for the official list of ISO country codes for this field.

      Note: DO NOT Enter the following: "Email Address"; "A challenge password" & "An optional company name".

    3. Please verify the CSR, to insure all information is correct. Use the following command:
      req -noout -text -in www.mydomain.com.csr
  1. The CSR will now be created, and can be submitted via the website

You are now ready to submit your CSR for the certificate you wish to install.