[Dovecot] Certificate Authority-signed certs in dovecot?
Hi!
Sorry if this has been covered. I've just started using dovecot and I've searched via google and I've downloaded the maillist archives, but I haven't found a solution.
I'm using Fedora Core 1, with dovecot-0.99.10-6. When I'm at work, I access my home mail server using Outlook Express (I know, I know, but it's the only client I'm allowed to use at work). Now, I'm able to get to my email, but I get a warning popup box each time I connect to the server, that the authenticity of the certificate can't be verified. I'm assuming that that's because I am using a self-signed certificate.
Now, I'm also using postfix, and it allows for me creating my own CA certificate, and using it to sign my own certificates. The /etc/postfix/main.cf entries are:
smtpd_tls_key_file = /etc/postfix/newreq.pem
smtpd_tls_cert_file = /etc/postfix/newcert.pem
smtpd_tls_CAfile = /etc/postfix/cacert.pem
but while I see the following two lines in /etc/dovecot.conf:
ssl_cert_file = /usr/share/ssl/certs/dovecot.pem
ssl_key_file = /usr/share/ssl/private/dovecot.pem
I don't see how to specify my CA cert.
I'm pretty much a noob when it comes to openssl, but I've been able to follow directions to get the TLS working in both postfix and dovecot. I just want to get rid of that annoying message. I figure that there's a way to sign my dovecot certs with the ca cert I've already created for postfix, and tell dovecot about it somehow. Has anybody done this?
Thanks!
Ben
On Fri, Jan 16, 2004 at 10:44:11AM -0600, Benjamin J. Weiss wrote:
> I'm using Fedora Core 1, with dovecot-0.99.10-6. When I'm at work, I access my home mail server using Outlook Express (I know, I know, but it's the only client I'm allowed to use at work). Now, I'm able to get to my email, but I get a warning popup box each time I connect to the server, that the authenticity of the certificate can't be verified. I'm assuming that that's because I am using a self-signed certificate.
You can use Internet Explorer to add your CA certificate to your client machine (and it will also be honored by Outlook Express). Or you can add just the cert for the IMAP machine.
http://www.microsoft.com/Windows/ie/using/howto/digitalcert/using.asp
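Added example, not part of any post in this thread: a shell sketch of the setup discussed above, in which a private CA signs the IMAP server's certificate and a client accepts that certificate only once the CA is in its trust store. It assumes the openssl command-line tool; the CA name, host name and file names are constructed placeholders.

```shell
#!/bin/sh
# Added example. Host name, CA name and file names are constructed placeholders.

# Create a private CA (self-signed root) in directory $1.
make_ca() {
    cat > "$1/req.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Example Home CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
    openssl req -x509 -config "$1/req.cnf" -newkey rsa:2048 -nodes -days 365 \
        -keyout "$1/cakey.pem" -out "$1/cacert.pem" 2>/dev/null
}

# Issue a server certificate for host $2, signed by the CA in directory $1.
make_server_cert() {
    openssl req -new -config "$1/req.cnf" -subj "/CN=$2" -newkey rsa:2048 \
        -nodes -keyout "$1/dovecot-key.pem" -out "$1/dovecot.csr" 2>/dev/null
    printf 'subjectAltName=DNS:%s\n' "$2" > "$1/san.ext"
    openssl x509 -req -in "$1/dovecot.csr" -days 365 -extfile "$1/san.ext" \
        -CA "$1/cacert.pem" -CAkey "$1/cakey.pem" -CAcreateserial \
        -out "$1/dovecot-cert.pem" 2>/dev/null
}

# The client-side check: succeeds only when trust store $1 contains the CA
# that issued certificate $2.
client_trusts() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}
```

Here dovecot-cert.pem and dovecot-key.pem are the files that ssl_cert_file and ssl_key_file would point at, and cacert.pem is the file imported on the client. cakey.pem stays off the mail server's public-facing paths, since anyone holding it can issue certificates the client will accept.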
On Fri, 2004-01-16 at 18:44, Benjamin J. Weiss wrote:
> but while I see the following two lines in /etc/dovecot.conf:
> ssl_cert_file = /usr/share/ssl/certs/dovecot.pem
> ssl_key_file = /usr/share/ssl/private/dovecot.pem
> I don't see how to specify my CA cert.
Currently there's no way to do it, but Zach Bagnall wrote a patch some time ago. Now that I remember it, I'll commit it to CVS :)
participants (3)
- Benjamin J. Weiss
- Jim Tittsler
- Timo Sirainen