So Thunderbird actually seems to work fine, but Mail.app doesn't. I
get the warning from Thunderbird about the self-signed cert, but
Mail.app doesn't give me any warning at all. I'm used to getting the
warning from Mail.app when I use my Courier IMAP server... which
works just fine with my self-signed certs.

Do you think it makes a difference how you created the cert? Over the
years I've found two different ways to do it. One way involves making
the CA cert and creating a CSR and it's many many steps. But
alternatively I found that I can normally do it in a single step like
so:

    openssl req -x509 -newkey rsa:2048 -keyout private/dovecot.key -out certs/dovecot.cert -days 365 -nodes

But admittedly, despite reading many a source on certs and ssl I
really don't understand the finer points of it.

.tim

On Sep 9, 2006, at 10:55am, OpenMacNews wrote:
i'm running dovecot on OSX, but have previously had _similar_ troubles that, eventually, turned out to be borked certs.

have you checked/verified the certs?

if not, take a look with:

(1) another server, if you have it
(2) mulberry MUA (mulberrymail.com) or thunderbird. both have nice cert view capabilities. simply dunno if Mail.app does -- i don't use it
(3) check your certs with, e.g.:

    openssl verify -verbose -issuer_checks -purpose sslserver -CAfile 'my_CA_CERT' 'my_SVR_CERT'

fwiw, there's a useful reference starting point here:
"Certificate Management and Installation with OpenSSL" http://gagravarr.org/writing/openssl-certs/
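
Added example, not part of either message above: the two ways of producing a certificate mentioned in the thread, built side by side and checked with `openssl verify -purpose sslserver -CAfile`. Subject names, file names and the helper function names are constructed for illustration.

```shell
#!/bin/sh
# Added example. Subject names and file names are constructed.
set -eu

make_certs() {  # $1 = output directory
    # Way 1: one step, self-signed (the certificate is its own issuer).
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -subj "/CN=mail.example.test" \
        -keyout "$1/selfsigned.key" -out "$1/selfsigned.cert" 2>/dev/null
    # Way 2: private CA certificate, then a CSR, then a CA-signed server cert.
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -subj "/CN=Example Test CA" \
        -keyout "$1/ca.key" -out "$1/ca.cert" 2>/dev/null
    openssl req -new -newkey rsa:2048 -nodes \
        -subj "/CN=mail.example.test" \
        -keyout "$1/server.key" -out "$1/server.csr" 2>/dev/null
    openssl x509 -req -in "$1/server.csr" -days 365 \
        -CA "$1/ca.cert" -CAkey "$1/ca.key" -CAcreateserial \
        -out "$1/server.cert" 2>/dev/null
}

check() {  # $1 = trusted CA file, $2 = server cert; prints ok or fail
    if openssl verify -purpose sslserver -CAfile "$1" "$2" >/dev/null 2>&1
    then echo ok; else echo fail; fi
}

self_issued() {  # prints yes when subject and issuer names are identical
    s=$(openssl x509 -noout -subject_hash -in "$1")
    i=$(openssl x509 -noout -issuer_hash -in "$1")
    if [ "$s" = "$i" ]; then echo yes; else echo no; fi
}

dir=$(mktemp -d)
make_certs "$dir"
echo "way 1, trusting the cert itself: $(check "$dir/selfsigned.cert" "$dir/selfsigned.cert")"
echo "way 2, trusting the private CA:  $(check "$dir/ca.cert" "$dir/server.cert")"
echo "way 1, trusting only the CA:     $(check "$dir/ca.cert" "$dir/selfsigned.cert")"
echo "way 1 self-issued: $(self_issued "$dir/selfsigned.cert")"
echo "way 2 self-issued: $(self_issued "$dir/server.cert")"
rm -rf "$dir"
```

A client that has not been told to trust `selfsigned.cert` (way 1) or `ca.cert` (way 2) has no trust anchor for either chain, so both end in an untrusted-issuer result on the client side.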