[Dovecot] Certificate Server name!

Ed W lists at wildgooses.com
Mon Jul 7 19:48:33 EEST 2008


>
>> BTW, you can get free certificates from http://cacert.org (no 
>> affiliation except as a user), though the first time your users see 
>> them they may have to answer a pop-up about a "funny" certificate.  
>> (My experience is that most users just click OK and don't give it 
>> much thought.  The ones who do think about it tend to be more 
>> sophisticated anyhow, so they can sort it out rather than just 
>> switching off the computer in a panic and watching TV for the rest of 
>> their lives.)
>>
>>
> I personally use RapidSSL (from a company called Trustico in the UK.)  
> They cost around £9 per year per domain, and are recognised by major 
> browsers so no warning messages about untrusted certificates.  The 
> only downside is they don't give any organisational information out 
> (except that the certificate owner has been verified.)


I'm experimenting with a godaddy multiple domain cert (they call them 
UCC certs).  It works out at a couple of pounds per domain per year, so 
pretty affordable.  So far the process seems straightforward.  Notes to 
self:

- Request the cert with your company name in the requestor account 
details (check spelling carefully to prevent delays).
- Generate the cert request with your official company name in the 
Organisation (check spelling) and any trading name in the OrgUnit 
section, CN=main.domainname.com.
- Then you can add extra domain names on the godaddy website
- All the extra names are checked as belonging to you solely based on 
the company name (from Organisation entry) being in the whois info (so 
update whois 24 hours before if necessary).  Emails are sent to the 
whois links, so also check they are correct
- Cert comes back as a chained cert, so you need to do the following:
- "cat new.godaddy.crt gd_intermediate_bundle.crt > /etc/ssl/dovecot/server.pem"
- The godaddy instructions create a key file with a password, either 
remove the "-des" option or remove the password with:
"openssl rsa -in godaddy.key -out /etc/ssl/dovecot/server.key"

So far this seems to allow me to use multiple domain names (at totally 
different domains) to contact my server - for my needs this is better 
than a wildcard because I can have mail.domain1.com and mail.domain2.com 
without any problems

Hope this helps

Ed W
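
Added example, not part of Ed W's message: a shell check for the files the notes above produce, assuming OpenSSL 1.0.2 or later. It confirms the key is unencrypted yet not group/world readable, that the server's own certificate comes first in server.pem with the intermediates after it, and that every hostname is covered. The function names, the throwaway CA and the fixture file names are constructed for illustration.

```shell
#!/bin/sh
# Added example; function names, paths and the test CA are hypothetical/constructed.

# Build a constructed fixture: throwaway CA, a leaf cert with two SANs, its key.
make_constructed_fixture() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=Constructed Test CA" \
        -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null || return 1
    openssl req -newkey rsa:2048 -nodes -subj "/O=Example Ltd/CN=mail.domain1.com" \
        -keyout "$d/server.key" -out "$d/leaf.csr" 2>/dev/null || return 1
    printf 'subjectAltName=DNS:mail.domain1.com,DNS:mail.domain2.com\n' > "$d/san.cnf"
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" -CAcreateserial \
        -days 2 -extfile "$d/san.cnf" -out "$d/leaf.crt" 2>/dev/null || return 1
    cat "$d/leaf.crt" "$d/ca.crt" > "$d/server.pem"   # server cert first, then the chain
    chmod 600 "$d/server.key"
}

# check_dovecot_tls PEM KEY HOST...  prints OK and returns 0, or prints the reason and returns 1
check_dovecot_tls() {
    pem=$1 key=$2; shift 2
    if grep -q ENCRYPTED "$key"; then
        echo "FAIL: key is passphrase-protected"; return 1
    fi
    # With the passphrase removed, file permissions are the key's only protection.
    if [ -n "$(find "$key" \( -perm -040 -o -perm -004 \))" ]; then
        echo "FAIL: key is readable by group or others"; return 1
    fi
    if [ "$(grep -c 'BEGIN CERTIFICATE' "$pem")" -lt 2 ]; then
        echo "FAIL: no intermediate certificates appended"; return 1
    fi
    # openssl x509 reads only the first certificate in the file; it must be the server's own.
    cert_pub=$(openssl x509 -in "$pem" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$key" -pubout) || return 1
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: first certificate in bundle does not match the key"; return 1
    fi
    for host in "$@"; do
        if ! openssl x509 -in "$pem" -noout -checkhost "$host" | grep -q 'does match'; then
            echo "FAIL: certificate does not cover $host"; return 1
        fi
    done
    echo "OK"
}
```

On a real server the call would look like: check_dovecot_tls /etc/ssl/dovecot/server.pem /etc/ssl/dovecot/server.key mail.domain1.com mail.domain2.com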

