I'm trying to get apache, sendmail, and dovecot to use SSL certs signed by my own CA. I've got the apache certs working fine. However, dovecot (I haven't even ... converter? Could it be the way that I'm signing the certificates?
Any help would be appreciated.
I can't help you with dovecot since I've never used it (well not yet), but I've found this to be extremely helpful:
Eclectica http://www.eclectica.ca/howto/ssl-cert-howto.php
Also, when I set up apache, postfix, uw-imap to use certificates signed by my own CA, I followed suggestions from the mod-ssl faq.
I've got things set up so I have a "certs" directory. Once in there I can type "./make.sh hostname" and it will make a certificate for that hostname and sign it. I've also got "./pem.sh hostname" which will convert the certificate into the pem format which is what postfix/uw-imap expect.
Anyway, it's nice 'cause now I never have to think about how it all works anymore....
Here's the scripts:
http://www.pjkh.com/~philip/certs/CA.txt Instructions on how to become your own CA. Note I set mine to expire in 10 years so a year from now instead of 1 year by default.
http://www.pjkh.com/~philip/certs/make.sh.txt Creates a certificate and then signs it using the sign.sh script.
http://www.pjkh.com/~philip/certs/sign.sh.txt Straight from Ralf Engelschall except I increased the number of days to 3650.
http://www.pjkh.com/~philip/certs/pem.sh.txt Convert the script to pem.
Hope this helps...
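
The workflow the reply describes (become your own CA, make and sign a host certificate, convert it to PEM), as an added example that is not the poster's make.sh, sign.sh or pem.sh. It signs with `openssl x509 -req` rather than the mod_ssl sign.sh approach, and the file names, subject names, key size and 365-day host lifetime are assumptions.

```shell
#!/bin/sh
# Added example: file names, subjects and lifetimes below are assumptions.
# Usage: d=$(mktemp -d); make_ca "$d"; make_host_cert "$d" host; make_pem "$d" host

# Create a private CA: a key plus a self-signed root certificate (10 years).
make_ca() {  # $1 = working directory
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 3650 \
        -subj "/CN=Example Private CA" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

# Generate a host key and CSR, then sign the CSR with the CA key.
make_host_cert() {  # $1 = working directory, $2 = hostname
    openssl req -newkey rsa:2048 -nodes -sha256 -subj "/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null || return 1
    # Clients match the hostname against subjectAltName, so set it explicitly.
    printf 'subjectAltName=DNS:%s\nbasicConstraints=CA:FALSE\n' "$2" \
        > "$1/$2.ext"
    openssl x509 -req -sha256 -days 365 -in "$1/$2.csr" \
        -CA "$1/ca.crt" -CAkey "$1/ca.key" -CAcreateserial \
        -extfile "$1/$2.ext" -out "$1/$2.crt" 2>/dev/null
}

# Combine key and certificate into one PEM file for daemons that expect
# both together. The file holds the private key, so create it owner-only.
make_pem() {  # $1 = working directory, $2 = hostname
    ( umask 077; cat "$1/$2.key" "$1/$2.crt" > "$1/$2.pem" )
}

# Confirm the certificate chains to the CA and matches its private key.
# A mismatch in either is a common reason a mail daemon rejects the files.
check_host_cert() {  # $1 = working directory, $2 = hostname
    openssl verify -CAfile "$1/ca.crt" "$1/$2.crt" >/dev/null 2>&1 || return 1
    cert_pub=$(openssl x509 -in "$1/$2.crt" -noout -pubkey | openssl sha256)
    key_pub=$(openssl pkey -in "$1/$2.key" -pubout | openssl sha256)
    [ "$cert_pub" = "$key_pub" ]
}
```

Keep `ca.key` off the servers; only `ca.crt` needs to be distributed to clients that should trust the certificates.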