[Dovecot] Problems with Dovecot and self-signed cert
Adam Pordzik
ap at d-dt.de
Tue Feb 22 22:25:25 EET 2005
> Normally, on a RHEL system, you just go into /user/share/ssl/certs/ and
RHEL = Red Hat Enterprise Linux?
> type:
>
> make whatever.pem
Go to /usr/local/share/doc/dovecot (on FreeBSD), edit the example dovecot-openssl.cnf for your needs and run mkcert.sh.
To do it "by hand" you have to type, e.g. (one line, then without the "\"):
openssl req -new -x509 -newkey rsa:1024 -nodes -keyout mykey.pem -out \
mycert.pem
Of course, this will ask you for some values for the DN as well and requires a working openssl.cnf. (Use myimap.mydomain.dom for CN.)
> Then you fill out the various address fields, and you've got a cert.
> However, when I rename/delete the existing dovecot.pem and generate a
> new one using this method, Dovecot won't start and I'm unable to connect
> to the box. The cert that it's currently using is called
Do you also use the newly generated private key?
> "localhost.localdomain", and while that works, mail clients gripe every
> time about the domain name not matching the certificate.
So make it match. Set CN = Common Name (openssl might ask for "Your Name").
A
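
One way to check both points raised in this reply before restarting Dovecot: that the private key in use is the one generated with the new certificate, and that the certificate's CN is the host name clients connect to. This is an added example, not part of the original message; it assumes the openssl command-line tool is installed, uses rsa:2048 instead of the message's rsa:1024, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original message. File and host names follow the
# message; rsa:2048 and the function names are assumptions of this example.

# Generate a self-signed certificate and an unencrypted key without prompts.
# -subj supplies the DN directly, so openssl does not ask for the DN values.
make_selfsigned() {  # usage: make_selfsigned <cn> <keyfile> <certfile>
    openssl req -new -x509 -newkey rsa:2048 -nodes -days 365 \
        -subj "/CN=$1" -keyout "$2" -out "$3" 2>/dev/null
}

# Succeed only if the private key belongs to the certificate: the public key
# derived from the key file must equal the public key stored in the cert.
key_matches_cert() {  # usage: key_matches_cert <keyfile> <certfile>
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Print the CN found in the certificate subject.
cert_cn() {  # usage: cert_cn <certfile>
    openssl x509 -in "$1" -noout -subject -nameopt RFC2253 |
        sed -n 's/^.*CN=\([^,]*\).*$/\1/p'
}

# Demo in a throwaway directory: a new pair for the real host name, plus a
# second pair standing in for the old localhost.localdomain certificate.
demo() {
    d=$(mktemp -d) || return 1
    make_selfsigned myimap.mydomain.dom "$d/mykey.pem" "$d/mycert.pem"
    make_selfsigned localhost.localdomain "$d/oldkey.pem" "$d/oldcert.pem"
    echo "CN of new cert: $(cert_cn "$d/mycert.pem")"
    key_matches_cert "$d/mykey.pem" "$d/mycert.pem" &&
        echo "new key + new cert: match"
    key_matches_cert "$d/oldkey.pem" "$d/mycert.pem" ||
        echo "old key + new cert: MISMATCH"
    rm -rf "$d"
}
demo
```
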