Add the following to the /etc/dovecot/conf.d/10-ssl.conf file:
ssl = yes ssl_cert = </etc/pki/tls/certs/mail.example.com.crt ssl_key = </etc/pki/tls/private/mail.example.com.key
The ps command can be used to determine if your system is using init or systemd. If PID 1 is init, then you will use the service command. If PID 1 is systemd, then you will use the systemctl command.
If your system is using systemd, use the systemctl command to start and enable dovecot.
systemctl restart dovecot systemctl status dovecot
service dovecot restart service dovecot status
On the Dovecot email server itself, use OpenSSL to test POP3s. The "s" in POP3s means secured. There should be many lines of text referencing various security parameters, such as SSL, TLS, and certificate. The output should begin with "CONNECTED(0000003)" and end with "Verify return code: 18 (self signed certificate)" and "+OK Dovecot ready."
~]# openssl s_client -connect mail.example.com:pop3s CONNECTED(00000003) . . . Verify return code: 18 (self signed certificate) --- +OK Dovecot ready.
Likewise, test IMAPs.
~]# openssl s_client -connect mail.example.com:imaps CONNECTED(00000003) . . . Verify return code: 18 (self signed certificate) --- * OK Dovecot ready.