[Dovecot] dovecot 2 in ubuntu 12.04 or Debian Squeeze
Noel Butler
noel.butler at ausics.net
Tue Mar 19 08:54:07 EET 2013
On Mon, 2013-03-18 at 22:56 -0700, pvsuja wrote:
> Mar 19 09:33:16 mailspace dovecot: imap(suja): Invalid certificate: self
> signed certificate in certificate chain: /C=IN/ST=Karnataka/O=xxx/OU=YYY
> CA/CN=mailserver.domain.com/emailAddress=sysadm at domain.com
> Mar 19 09:33:16 mailspace dovecot: imap(suja): Error:
> ssl = required
to ensure things are working, change this to "no", if you can get mail
then, change it to "yes", dont absolute force until you have everything
fixed.
> ssl_ca = </usr/local/etc/dovecot/certs/cacert.pem
> ssl_cert = </usr/local/etc/dovecot/certs/public_cert.pem
> ssl_key = </usr/local/etc/dovecot/certs/private_key.pem
>
> I guess my SSL certificate configuration is not done properly.
How did you generate this? is it really self signed, or is it a CA
signed (you can get free certs)
If it's CA signed, ensure you created it like this (the order *is*
important):
cat mail.crt sub.crt ca.crt > dovecot.pem
*remove ssl_ca = ....stuff*
ssl_cert_file = </path/to/dovecot.pem
ssl_key_file = </path/to/mail/mail.key
Been loooong time since I use self signed, but from memory
openssl req -x509 -days 999 -nodes -newkey rsa:2048 -keyout domain.key
-out domain.crt
(and IIRC tou need to ssl_ca = stuff)
dovecot wiki should have the correct format for self signed
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: This is a digitally signed message part
URL: <http://dovecot.org/pipermail/dovecot/attachments/20130319/1a719dc5/attachment.bin>
More information about the dovecot
mailing list