The standard place to put them is /etc/pki . Dovecot installs a directory there for secure POP and IMAP and you put them ./dovecot/private or ./dovecot/certs. The default name is dovecot.pem for both private and certs. If you use another name, just make the entry in dovecot.conf match and uncomment the lines for ssl_cert_file and ssl_key_file. There are similar locations for tls in the /etc/pki directory. The files should pickup the correct selinux context but if they don't, it is system_u:object_r:cert_t for ./dovecot/private/dovecot.pem and system_u:object_r:dovecot_cert_t for ./dovecot/certs/dovecot.pem. Use the tls/certs/Makefile in to make the proper certs for tls. All the tls certs get system_u:object_r:cert_t . Regards, John
|
-- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
