Re: Updated my Dovecot certificate for the first time
On Thu, 24 Nov 2016, Steve Litt wrote:
add the public part of the cert into your system's trusted CA store.
Silly question, but how would you do that?
You didn't say which OS you're running on (alpine runs on Windows as well), but I'll assume *nix.
A previous poster showed you how to do it with a real certificate, and the steps are the same. However, the way I found out without too much fuss was to process trace my alpine process and see where it tried to load a cert:
$ strace -o trace.out alpine
... quit after connection
$ grep -F cert trace.out
/1: open64("/etc/openssl/cert.pem", O_RDONLY) Err#2 ENOENT
/1: stat("/etc/openssl/certs/cbf06781.0", 0xFFBF8E54) Err#2 ENOENT
...
Your output will be different of course. The first load is the default pre-loaded root CAs (Thawte, etc.) supplied by OpenSSL, and the second, etc. are chained certificate lookups. You would replace the missing cert with your own self-signed public pem file. e.g.
cp mypub.pem /etc/openssl/certs/cbf06781.0
For Windows, I don't know where it fetches it from.
Joseph Tam jtam.home@gmail.com
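
The copy step described above, as an added example that is not part of the original post: it derives the hashed file name (the `cbf06781.0` style name in the trace) from the certificate itself and then checks that the certificate verifies from that directory. The temp directory, `mykey.pem` and the subject `mail.example.test` are constructed for the example; `mypub.pem` follows the name used in the post.

```shell
#!/bin/sh
# Added example: hashed-directory (CApath) install of a self-signed cert.
# All paths are throwaway temp files; mail.example.test is a constructed name.

# File name OpenSSL looks up in a CApath directory for certificate $1:
# the 8-hex-digit subject-name hash plus ".0" (".1", ... on hash collisions).
hashed_name() {
    printf '%s.0\n' "$(openssl x509 -noout -subject_hash -in "$1")"
}

# Copy certificate $1 (public part only, never the key) into directory $2
# under its hashed name and print the destination path.
install_cert() {
    dest="$2/$(hashed_name "$1")"
    cp "$1" "$dest" && chmod 644 "$dest" && printf '%s\n' "$dest"
}

# Succeed only if certificate $1 verifies against hashed directory $2.
verifies_from() {
    openssl verify -CApath "$2" "$1" >/dev/null 2>&1
}

# Create a constructed self-signed certificate in directory $1 for testing.
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=mail.example.test" \
        -keyout "$1/mykey.pem" -out "$1/mypub.pem" 2>/dev/null
}

# Walk through the steps: untrusted before the copy, trusted after it.
demo() {
    work=$(mktemp -d) || return 1
    mkdir "$work/certs" && make_sample_cert "$work" || return 1
    verifies_from "$work/mypub.pem" "$work/certs" && echo "before: trusted" \
        || echo "before: not trusted"
    echo "installed as $(install_cert "$work/mypub.pem" "$work/certs")"
    verifies_from "$work/mypub.pem" "$work/certs" && echo "after: trusted" \
        || echo "after: not trusted"
    rm -rf "$work"
}

demo
```

If the hash printed for your certificate differs from the file name seen in the trace, the client is looking up a different subject (for example an issuer in a chain), and copying your certificate to that name will not make it match.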