[Dovecot] Certificat Outlook 2003
Hi,
next problem with outlook 2003
On the IMAP Server (dovecot.x86_64 1.0.7-7.el5) I created a certificate with "mkcert_dovecot.sh". Some entries as be written to "/etc/pki/dovecot/dovecot-openssl.cnf".
plaintext paswords are disables. IMAP Serverport: 993 Server needs SSL
Now the outlook 2003 clients meens "the server uses a security certificate, which could not be verified"
I can only click on "yes" or "no"
On the thunderbird clients, I can use "use this certificate temporary " OR "use this certificate permanent"
thats going on with this §@#! outlook 2003 clients.
many thank Richard
If your clients are in the Active Directory you could put your server certificate to domain policy.
Lada
Dne 10.8.2010 12:26, Richard Gliebe napsal(a):
Hi,
next problem with outlook 2003
On the IMAP Server (dovecot.x86_64 1.0.7-7.el5) I created a certificate with "mkcert_dovecot.sh". Some entries as be written to "/etc/pki/dovecot/dovecot-openssl.cnf".
plaintext paswords are disables. IMAP Serverport: 993 Server needs SSL
Now the outlook 2003 clients meens "the server uses a security certificate, which could not be verified"
I can only click on "yes" or "no"
On the thunderbird clients, I can use "use this certificate temporary " OR "use this certificate permanent"
thats going on with this §@#! outlook 2003 clients.
many thank Richard
On 08/10/2010 06:43 AM, Richard Gliebe wrote:
On 8/10/10 12:29 PM Ladislav Pašek wrote:
If your clients are in the Active Directory you could put your server certificate to domain policy.
Lada
Hi,
the clients are not in a AD, only in a smb workgroup.
You can still download the certificate (from, say, your website) and install it on each workstation. Just right click the cert file, and I think the option is either "Install" or "Import."
On 8/10/10 6:01 PM Michael Orlitzky wrote:
You can still download the certificate (from, say, your website) and install it on each workstation. Just right click the cert file, and I think the option is either "Install" or "Import."
Will this also works with *.pem certificates?
mkcert_dovecot.sh will create two dovecot.pem certificates in /etc/pki/dovecot/certs and /etc/pki/dovecot/private
[mkcert_dovecot.sh] #!/bin/sh
# Generates a self-signed certificate. # Edit dovecot-openssl.cnf before running this.
OPENSSL=${OPENSSL-openssl} SSLDIR=${SSLDIR-/etc/pki/dovecot} OPENSSLCONFIG=${OPENSSLCONFIG-/etc/pki/dovecot/dovecot-openssl.cnf}
CERTDIR=$SSLDIR/certs KEYDIR=$SSLDIR/private
CERTFILE=$CERTDIR/dovecot.pem KEYFILE=$KEYDIR/dovecot.pem
thanks Richard
On 08/11/2010 03:30 AM, Richard Gliebe wrote:
On 8/10/10 6:01 PM Michael Orlitzky wrote:
You can still download the certificate (from, say, your website) and install it on each workstation. Just right click the cert file, and I think the option is either "Install" or "Import."
Will this also works with *.pem certificates?
Short answer: yes, although you might have to rename the cert file with an extension that Windows understands.
Long answer:
The PEM format is really just a container format for keys and some other stuff, so you should double-check what's in the PEM file first. Often, they will contain,
- Just a private key
- Just a public key or certificate
- Both a private and public key
For example, if your CERTDIR and KEYDIR are the same when you run dovecot_mkcert.sh, then both the public and private keys will be stored in the same file (e.g. dovecot.pem).
You want to be careful that you don't ship your private key off to the clients. The certificate is contained in one of those PEM files; if you put it on a Windows box and give it an extension that Windows understands, you should be able to import it.
The PEM files are just plain text, and it should be obvious from the "BEGIN CERTIFICATE" or "BEGIN RSA PRIVATE KEY" which one you're looking at.
participants (3)
-
Ladislav Pašek
-
Michael Orlitzky
-
Richard Gliebe