On mercredi, 23 novembre 2016 17.31:50 h CET Steve Litt wrote:
On Wed, 23 Nov 2016 16:04:22 -0600 (CST)
Greg Rivers gcr+dovecot@tharned.org wrote:
On Wed, 23 Nov 2016, Steve Litt wrote:
[snip]
Alpine still gives me a bad cert warning, saying I should either fix it or disable checking. I haven't yet found a way to get Alpine to discriminate between a valid self-signed cert and a bad one.
Like a number of applications, alpine checks the system certificates directory for a file containing the server certificate to be validated that's named according to its x509 hash. If it finds it, it trusts it.
I don't know where Linux distros keep their certs, but on FreeBSD it's in /etc/ssl/certs/. If you've no other way to find out, a brute force search of the alpine binary should locate it, e.g.:
$ strings $(whence alpine) | grep '^/.*certs$' /etc/ssl/certs
The directory or the certs isn't the problem. Alpine sees the self-signed cert I just made, but complains because it's self-signed, and gives me the choice between saying "yes" every time, and just not checking for certs at all.
SteveT
Steve Litt November 2016 featured book: Quit Joblessness: Start Your Own Business http://www.troubleshooters.com/startbiz
One solution would be to use a Let's Encrypt certificate (that's what I do).
Documentation can be found here :
- https://certbot.eff.org/docs/using.html#standalone
- https://community.letsencrypt.org/t/use-on-non-web-servers/425
-- Simon Doppler (dopsi)