[Dovecot] Certificate for outlook 2003
Hi all,
We are running "dovecot-1.0.7-7.el5" on a CentOS release 5.5 (Final) box. I know, its an old version, but it cames up with the CentOS release (yum). Anyway.
Is there a way to import the certificate, which was generated with "mkcert_dovecot.sh", permanently to the outlook 2003 clients?
Every time, when our office 2003 clients fetches there emails (POP3s) from our dovecot server, they will be asked "......, the CN-Name of this certificate doesn't match with the taken Value. Do you want to continue with this server?.
sorry for the poor english translation. Here in german (for some german people): Der Server, mit dem Sie verbunden sind, verwendet ein Sicherheitszertifikat, das nicht verifiziert werden konnte. Der CN-Name des Zertifikates stimmt nicht mit dem übergebenen Wert überein. Möchten Sie diesen Server weiterhin verwenden?
many thanks for some hints Richard
Richard Gliebe wrote on 12.09.2010:
Hi all,
We are running "dovecot-1.0.7-7.el5" on a CentOS release 5.5 (Final) box. I know, its an old version, but it cames up with the CentOS release (yum). Anyway.
Is there a way to import the certificate, which was generated with "mkcert_dovecot.sh", permanently to the outlook 2003 clients?
Every time, when our office 2003 clients fetches there emails (POP3s) from our dovecot server, they will be asked "......, the CN-Name of this certificate doesn't match with the taken Value. Do you want to continue with this server?.
sorry for the poor english translation. Here in german (for some german people): Der Server, mit dem Sie verbunden sind, verwendet ein Sicherheitszertifikat, das nicht verifiziert werden konnte. Der CN-Name des Zertifikates stimmt nicht mit dem übergebenen Wert überein. Möchten Sie diesen Server weiterhin verwenden?
many thanks for some hints Richard
Have you changed the value for
# Common Name (*.example.com is also possible) CN=imap.example.com
to match the hostname of your mail server before you've created the certificate? You can import the certificate in the certificate store of Windows but the error will be same because the hostname does not match the hostname in your certificate.
You could also setup your own private CA or use a public one to sign your certificates - this is the preferred way.
See also: http://wiki.dovecot.org/SSL/CertificateCreation
-- Daniel
Am 12.09.2010 07:19 schrieb Richard Gliebe:
Hi all,
We are running "dovecot-1.0.7-7.el5" on a CentOS release 5.5 (Final) box. I know, its an old version, but it cames up with the CentOS release (yum). Anyway.
Is there a way to import the certificate, which was generated with "mkcert_dovecot.sh", permanently to the outlook 2003 clients?
Every time, when our office 2003 clients fetches there emails (POP3s) from our dovecot server, they will be asked "......, the CN-Name of this certificate doesn't match with the taken Value. Do you want to continue with this server?.
sorry for the poor english translation. Here in german (for some german people): Der Server, mit dem Sie verbunden sind, verwendet ein Sicherheitszertifikat, das nicht verifiziert werden konnte. Der CN-Name des Zertifikates stimmt nicht mit dem übergebenen Wert überein. Möchten Sie diesen Server weiterhin verwenden?
many thanks for some hints Richard
Hello,
Your first step is to convert the .pem file (e.g., cacert.pem) to the .der format: # openssl x509 -in cacert.pem -out cacert.der -outform DER
Then you can either
- copy the cacert.der to your Windows clients
- import the cacert.der file with a double click on the filename
or
- copy the cacert.der to a file named cacert.crt on your web server
- import the certificate to your Windows clients using Internet Explorer (or Safari on an iPhone/iPad) e.g., http://www.yourserver.de/cacert.crt
.
Cheers,
Wieland
Am 12.09.2010 07:19, schrieb Richard Gliebe:
Hi all,
We are running "dovecot-1.0.7-7.el5" on a CentOS release 5.5 (Final) box. I know, its an old version, but it cames up with the CentOS release (yum). Anyway.
Is there a way to import the certificate, which was generated with "mkcert_dovecot.sh", permanently to the outlook 2003 clients?
Every time, when our office 2003 clients fetches there emails (POP3s) from our dovecot server, they will be asked "......, the CN-Name of this certificate doesn't match with the taken Value. Do you want to continue with this server?.
sorry for the poor english translation. Here in german (for some german people): Der Server, mit dem Sie verbunden sind, verwendet ein Sicherheitszertifikat, das nicht verifiziert werden konnte. Der CN-Name des Zertifikates stimmt nicht mit dem übergebenen Wert überein. Möchten Sie diesen Server weiterhin verwenden?
many thanks for some hints Richard
should be a procedure like this
http://support.real-time.com/windows/email/ssl-cert.html
-- Best Regards
MfG Robert Schetterer
Germany/Munich/Bavaria
On 9/13/10 9:19 AM Robert Schetterer wrote:
Hi all,
should be a procedure like this
many thanks for your replies.
I'll try is as soon as a can connect me to the affected PCs
thanks Richard
participants (4)
-
Daniel Luttermann
-
Richard Gliebe
-
Robert Schetterer
-
Wieland Chmielewski