# SSL/TLS support: yes, no, required. <doc/wiki/SSL.txt>
ssl = yes

# PEM encoded X.509 SSL/TLS certificate and private key. They're opened before
# dropping root privileges, so keep the key file unreadable by anyone but
# root. Included doc/mkcert.sh can be used to easily generate self-signed
# certificate, just make sure to update the domains in dovecot-openssl.cnf
{{ with getv "/ssl/cert" }}ssl_cert = <{{.}}{{ end }}
{{ with getv "/ssl/key" }}ssl_key = <{{.}}{{ end }}

# Directory and/or file for trusted SSL CA certificates. These are used only
# when Dovecot needs to act as an SSL client (e.g. imapc backend). The
# directory is usually /etc/ssl/certs in Debian-based systems and the file is
# /etc/pki/tls/cert.pem in RedHat-based systems.
{{ with getv "/ssl/client/ca/dir" }}ssl_client_ca_dir = {{.}}{{ end }}
{{ with getv "/ssl/client/ca/file" }}ssl_client_ca_file = {{.}}{{ end }}