### Inspect Current Configuration

cd /etc/pki/dovecot/
more certs/dovecot.pem # This is the one that people will need
more private/dovecot.pem # This is the private half : Don’t reveal

However, the certificate (as it stands) is set up for ‘example.com’, so installing it doesn’t help you access email securely on your server.

The certificate is defined via :
more dovecot-openssl.cnf

### Create New Configuration

This needs to be updated with your information, in particular the server entry :

Get rid of the old certificate pair :

Create the certificate pair :

Make sure that dovecot is expecting secure logins by ensuring /etc/dovecot.conf has the line :

Now restart dovecot (just in case - you may not need this) :

### Last Step - use the (public) certificate you created

Copy the contents of /etc/pki/dovecot/certs/dovecot.pem into a file on the local (email client) machine, and import the certificate.

In Thunderbird, this is done via : Tools-Options-Advanced-Certificates-ViewCertificates-Authorities-Import and then pick out the file with the dovecot.pem contents in it. Then, the account server options should be set to ‘ssl’ (without secure authentication, though).