-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On Thu, 7 Jan 2010, Spyros Tsiolis wrote:
signed certificate:
/C=GR/ST=Kerkyra/L=Kerkyra/O=Tourist Enterprizes/OU=IMAP
server/CN=webmail.domain.gr/emailAddress=postmaster@webmail.domain.gr
You access the cert of webmail.domain.gr via a host named localhost. If Horde runs on the same host, just disable SSL :-)
. . .because SSL is for remote hosts (clients) on the network anyway right ?
Well, there might be scenarios, when a local user other than root may sniff the connection on localhost, but I think you have no such one. So to encrypt a connection from localhost to localhost is a waste of ressources. In case of Dovecot you'll need one extra file descriptior (and depending on your settings one extra process as well), plus the CPU time to actually do the encryption.
Yeah. The certificate is there. Under "/etc/ssl/certs". I was thinking that maybe because the system (and the certificate issuer, horde and dovecot are on the same box. You ask me somewhere about that) is all-in-one, I need to import the certificate somewhere ?
see above for the reason.
The dovecot wiki says that importing the certificate is only applicable to the client-side (evolution, thunderbird and so on).
The webmail-frontend _is_ your client in the view of Dovecot. But since the cert is in /etc/ssl/certs, it should work, but if you validate the cert, the webmail may bark, because you access the SSL-cert with the CN "webmail.domain.gr" by another name "localhost". This is a sign of a man-in-the-middle attack, actually.
BTW: Do your SSL IMAP/POP clients also use the name "webmail.domain.gr"? Otherwise they will get a warning as well, maybe each time they connect.
Regards,
Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux)
iQEVAwUBS0bzDb+Vh58GPL/cAQJx9Af/egq1HW/M92tmivrAcBFCvyO6pL6cZcwr PDVfWTsQsHAhWOYNTfAuAe0kouFTnjCpGcTXKPAA3VCWvRWR37/RGseeAmKfRmEW BYfKPrkf6ltq+hfREi81rHIme0xIry5UG1oB2/1WfPHmWTckVWNRL0aRIZGM+ZR5 v40MuesoaMyY0EngEnaIfDbswG+vNWF60XZ71knAfVtl12LOe+twzLDEJ3M13SaV zw7qOGj4iUtZgML4LC042dGuF22yKAXElwp26oZVhk522J1VtdMuhi9Bma7YnVfU CfhUWqa3q+jL60fAKhWCP8IoRxxYJ/vsrWFjZaEamjCMCLx3FgeebQ== =IS0t -----END PGP SIGNATURE-----