[Dovecot] signing dovecot certs with own Cert. Auth.
Philip Hallstrom
dovecot at philip.pjkh.com
Tue Sep 20 21:26:24 EEST 2005
> I'm trying to get apache, sendmail , and dovecot to
> use SSL certs signed by my own CA. I've got the apache
> certs working fine. However, dovecot ( I haven't even
...
> converter? Could it be the way that I'm signing the
> certificates?
>
> Any help would be appreciated.
I can't help you with dovecot since I've never used it (well not yet), but
I've found this to be extremely helpful:
Eclectica
http://www.eclectica.ca/howto/ssl-cert-howto.php
Also, when I setup apache, postfix, uw-imap to use certificates signed by
my own CA, I followed suggestions from the mod-ssl faq.
I've got things setup so I have a "certs" directory. Once in there I can
type "./make.sh hostname" and it will make a certificate for that hostname
and sign it. I've also got "./pem.sh hostname" which will convert the
certificate into the pem format which is what postfix/uw-imap expect.
Anyway, it's nice cause now I never have to think about how it all works
anymore....
Here's the scripts:
http://www.pjkh.com/~philip/certs/CA.txt
Instructions on how to become your own CA. Note I set mine to expire in
10 years so a year from now instead of 1 year by default.
http://www.pjkh.com/~philip/certs/make.sh.txt
Creates a certificate and then signs it using the sign.sh script.
http://www.pjkh.com/~philip/certs/sign.sh.txt
straight from Ralf Engelshall except I increased the number of days to
3650.
http://www.pjkh.com/~philip/certs/pem.sh.txt
Convert the script to pem.
Hope this helps...
More information about the dovecot
mailing list