Richard Gliebe wrote on 12.09.2010:
Hi all,
We are running "dovecot-1.0.7-7.el5" on a CentOS release 5.5 (Final) box. I know, its an old version, but it cames up with the CentOS release (yum). Anyway.
Is there a way to import the certificate, which was generated with "mkcert_dovecot.sh", permanently to the outlook 2003 clients?
Every time, when our office 2003 clients fetches there emails (POP3s) from our dovecot server, they will be asked "......, the CN-Name of this certificate doesn't match with the taken Value. Do you want to continue with this server?.
sorry for the poor english translation. Here in german (for some german people): Der Server, mit dem Sie verbunden sind, verwendet ein Sicherheitszertifikat, das nicht verifiziert werden konnte. Der CN-Name des Zertifikates stimmt nicht mit dem übergebenen Wert überein. Möchten Sie diesen Server weiterhin verwenden?
many thanks for some hints Richard
Have you changed the value for
# Common Name (*.example.com is also possible) CN=imap.example.com
to match the hostname of your mail server before you've created the certificate? You can import the certificate in the certificate store of Windows but the error will be same because the hostname does not match the hostname in your certificate.
You could also setup your own private CA or use a public one to sign your certificates - this is the preferred way.
See also: http://wiki.dovecot.org/SSL/CertificateCreation
-- Daniel