[Dovecot] Problems with Dovecot and self-signed cert

[Seth Bokelman]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Yep, it's Red Hat Enterprise.

The "by hand" method worked, apparently Red Hat hasn't scripted DoveCot
like they have their other certs, but it's up and running now.  Thanks
for your help!

Adam Pordzik wrote:
|> Normally, on a RHEL system, you just go into /user/share/ssl/certs/ and
|
|
| RHEL = Red Hat Enterprise Linux?
|
|> type:
|>
|> make whatever.pem
|
|
| go to /usr/local/share/doc/dovecot (on FreeBSD), edit example
| dovecot-openssl.cnf
| for your needs and run mkcert.sh
|
| To do it "by hand" you've to type e.g.: (one line, then without "\")
|
| openssl req -new -x509 -newkey rsa:1024 -nodes -keyout mykey.pem -out \
| mycert-pem
|
| Of course, this will ask you for some values for the DN as well and
| requires an working openssl.cnf (Use myimap.mydomain.dom for CN)
|
|> Then you fill out the various address fields, and you've got a cert.
|
|
|> However, when I rename/delete the existing dovecot.pem and generate a
|> new one using this method, Dovecot won't start and I'm unable to connect
|> to the box.  The cert that it's currently using is called
|
|
| Do use use also the newly generated private key?
|
|> "localhost.localdomain", and while that works, mail clients gripe every
|> time about the domain name not matching the certificate.
|
|
| So make it matching. Set CN=comon Name (openssl might ask for "Your Name")
|
|
|
| A
|

- --
Seth H. Bokelman (Seth.Bokelman at UNI.edu)
Systems Administrator
ITS-Network Services, University of Northern Iowa
15 Curris Business Building, Cedar Falls, Iowa  50614
Phone: (319) 273-7423
http://www.sethb.com/
ICQ#: 6497760  MSN Messenger: seth.bokelman at uni.edu
AOL/AIM: sethb2  Yahoo Messenger: sethbokelman
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFCG51pOiUz+Af5BIIRAjyIAJ9SVdRonBBFKC2OsBifAGmajg8uhwCguDYO
+SapYFmzUedWJm+dKs+RA1w=
=6Cr9
-----END PGP SIGNATURE-----