Updated my Dovecot certificate for the first time
Simon Doppler
dopsi at dopsi.ch
Wed Nov 23 22:56:26 UTC 2016
On mercredi, 23 novembre 2016 17.31:50 h CET Steve Litt wrote:
> On Wed, 23 Nov 2016 16:04:22 -0600 (CST)
>
> Greg Rivers <gcr+dovecot at tharned.org> wrote:
> > On Wed, 23 Nov 2016, Steve Litt wrote:
> > > [snip]
> > >
> > > Alpine still gives me a bad cert warning, saying I should either
> > > fix it or disable checking. I haven't yet found a way to get Alpine
> > > to discriminate between a valid self-signed cert and a bad one.
> >
> > Like a number of applications, alpine checks the system certificates
> > directory for a file containing the server certificate to be
> > validated that's named according to its x509 hash. If it finds it, it
> > trusts it.
> >
> > I don't know where Linux distros keep their certs, but on FreeBSD
> > it's in /etc/ssl/certs/. If you've no other way to find out, a brute
> > force search of the alpine binary should locate it, e.g.:
> >
> > $ strings $(whence alpine) | grep '^/.*certs$'
> > /etc/ssl/certs
>
> The directory or the certs isn't the problem. Alpine sees the
> self-signed cert I just made, but complains because it's self-signed,
> and gives me the choice between saying "yes" every time, and just not
> checking for certs at all.
>
> SteveT
>
> Steve Litt
> November 2016 featured book: Quit Joblessness: Start Your Own Business
> http://www.troubleshooters.com/startbiz
One solution would be to use a Let's Encrypt certificate (that's what I do).
Documentation can be found here :
* https://certbot.eff.org/docs/using.html#standalone
* https://community.letsencrypt.org/t/use-on-non-web-servers/425
--
Simon Doppler (dopsi)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 455 bytes
Desc: This is a digitally signed message part.
URL: <http://dovecot.org/pipermail/dovecot/attachments/20161123/8feeacc4/attachment.sig>
More information about the dovecot
mailing list