On 20/12/2018 12:37, Marc Roos wrote:
You have to create your own ca, and then create the certificate. I doubt
if you will be able to find companies like DigiCert or Comodo to do
this.
If you want, I can try sign it with our own 'internal' CA. The only
thing you have to do is of course adding our CA to your ca bundle but
that is very easy in CentOS7
Thank you, Marc.
We created our own CA and certificates just fine. The problem is that
SSL does not seem to like them giving the error I mentioned in the
previous message:
dovecot: imap-login: Error: SSL: Stacked error: error:04075070:rsa
routines:RSA_sign:digest too big for rsa key
What would an SSL+Dovecot expert do if this error was encountered? A
1024 bit key works just fine but we have to stick to 256.
You need to use a weak TLS algorithm. 256 bit rsa key can contain less than 32 bytes of data so you need to use sha1 based tls algorithm.