Updated my Dovecot certificate for the first time

Joseph Tam jtam.home at gmail.com
Thu Nov 24 21:00:42 UTC 2016


On Thu, 24 Nov 2016, Steve Litt wrote

>> add the public part of the cert into your system's trusted CA store.
>
> Silly question, but how would you do that?

You didn't say which OS you're running on (alpine runs on Windows as
well), but I'll assume *nix.

A previous poster showed you how to do it with a real certificate, and
the steps are the same.  However, the way I found out without too much
fuss was to process trace my alpine process and see where it tried to
load a cert:

 	$ strace -o trace.out alpine
 		... quit after connection

 	$ grep -F cert trace.out
 	/1:     open64("/etc/openssl/cert.pem", O_RDONLY)       Err#2 ENOENT
 	/1:     stat("/etc/openssl/certs/cbf06781.0", 0xFFBF8E54) Err#2 ENOENT
 	...

Your output will be different of course.  The first load is the default
pre-loaded root CAs (Thawte, etc.) supplied by OpenSSL, and the second,
etc. are chained certificate lookups.  You would replace the missing
cert with your own self-signed public pem file. e.g.

 	cp mypub.pem /etc/openssl/certs/cbf06781.0

For Windows, I don't know where it fetches it from.

Joseph Tam <jtam.home at gmail.com>
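
The `cbf06781.0` name in the trace above is the kind of `<subject-hash>.<n>` file name OpenSSL looks for in a CA directory, so the name can be derived from the certificate itself as well as read from a trace. The following is an added example, not part of the original message; `missing_ca_lookups` and `install_ca_cert` are hypothetical helper names and the trace lines are constructed.

```shell
#!/bin/sh
# Added example; helper names and the sample trace are constructed.

# Print the hashed CA-directory paths whose lookup failed with ENOENT.
# Works on strace ("= -1 ENOENT") and truss ("Err#2 ENOENT") style lines.
missing_ca_lookups() {
    grep -F ENOENT "$1" | grep -oE '/[^"]*/[0-9a-f]{8}\.[0-9]+' | sort -u
}

# Copy a PEM certificate into an OpenSSL CA directory as <subject-hash>.<n>,
# taking the first free <n> so an existing entry with the same hash survives.
# Prints the path that now holds the certificate.
install_ca_cert() {
    pem=$1
    dir=$2
    hash=$(openssl x509 -noout -subject_hash -in "$pem") || return 1
    n=0
    while [ -e "$dir/$hash.$n" ]; do
        if cmp -s "$pem" "$dir/$hash.$n"; then
            echo "$dir/$hash.$n"    # already installed, nothing to do
            return 0
        fi
        n=$((n + 1))
    done
    cp "$pem" "$dir/$hash.$n" && chmod 644 "$dir/$hash.$n" || return 1
    echo "$dir/$hash.$n"
}

# Constructed trace lines (not real output) to exercise the parser.
sample=$(mktemp)
cat > "$sample" <<'EOF'
open("/etc/openssl/cert.pem", O_RDONLY) = -1 ENOENT (No such file or directory)
stat("/etc/openssl/certs/cbf06781.0", 0x7ffc1a2b) = -1 ENOENT (No such file or directory)
open("/etc/passwd", O_RDONLY) = 3
EOF
missing_ca_lookups "$sample"    # prints /etc/openssl/certs/cbf06781.0
rm -f "$sample"
```

Compute the hash with the same OpenSSL build the mail client links against, because the subject-hash algorithm changed in OpenSSL 1.0.0 and older libraries look for a different file name.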

