-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Yep, it's Red Hat Enterprise.
The "by hand" method worked, apparently Red Hat hasn't scripted DoveCot like they have their other certs, but it's up and running now. Thanks for your help!
Adam Pordzik wrote:
|> Normally, on a RHEL system, you just go into /user/share/ssl/certs/ and
|
|
| RHEL = Red Hat Enterprise Linux?
|
|> type:
|>
|> make whatever.pem
|
|
| go to /usr/local/share/doc/dovecot (on FreeBSD), edit example
| dovecot-openssl.cnf
| for your needs and run mkcert.sh
|
| To do it "by hand" you've to type e.g.: (one line, then without "\")
|
| openssl req -new -x509 -newkey rsa:1024 -nodes -keyout mykey.pem -out
| mycert-pem
|
| Of course, this will ask you for some values for the DN as well and
| requires an working openssl.cnf (Use myimap.mydomain.dom for CN)
|
|> Then you fill out the various address fields, and you've got a cert.
|
|
|> However, when I rename/delete the existing dovecot.pem and generate a
|> new one using this method, Dovecot won't start and I'm unable to connect
|> to the box. The cert that it's currently using is called
|
|
| Do use use also the newly generated private key?
|
|> "localhost.localdomain", and while that works, mail clients gripe every
|> time about the domain name not matching the certificate.
|
|
| So make it matching. Set CN=comon Name (openssl might ask for "Your Name")
|
|
|
| A
|
Seth H. Bokelman (Seth.Bokelman@UNI.edu) Systems Administrator ITS-Network Services, University of Northern Iowa 15 Curris Business Building, Cedar Falls, Iowa 50614 Phone: (319) 273-7423 http://www.sethb.com/ ICQ#: 6497760 MSN Messenger: seth.bokelman@uni.edu AOL/AIM: sethb2 Yahoo Messenger: sethbokelman -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (MingW32) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFCG51pOiUz+Af5BIIRAjyIAJ9SVdRonBBFKC2OsBifAGmajg8uhwCguDYO +SapYFmzUedWJm+dKs+RA1w= =6Cr9 -----END PGP SIGNATURE-----