Updated my Dovecot certificate for the first time
Greg Rivers
gcr+dovecot at tharned.org
Wed Nov 23 22:04:22 UTC 2016
On Wed, 23 Nov 2016, Steve Litt wrote:
> [snip]
>
> Alpine still gives me a bad cert warning, saying I should either fix it
> or disable checking. I haven't yet found a way to get Alpine to
> discriminate between a valid self-signed cert and a bad one.
>
Like a number of applications, alpine checks the system certificates
directory for a file containing the server certificate to be validated
that's named according to its x509 hash. If it finds it, it trusts it.
I don't know where Linux distros keep their certs, but on FreeBSD it's in
/etc/ssl/certs/. If you've no other way to find out, a brute force search
of the alpine binary should locate it, e.g.:
$ strings $(whence alpine) | grep '^/.*certs$'
/etc/ssl/certs
You can fetch the certificate from a remote IMAP server and install it in
your system certs directory like this:
# cd /path/to/certs &&
> openssl s_client -connect remote.server:143 -starttls imap -showcerts </dev/null 2>&0 |
> H=$(openssl x509 -hash -out imap.pem) &&
> ln -sf imap.pem ${H}.0
# ls -l
total 5
lrwxr-xr-x 1 root wheel 11 Nov 23 15:34 3a82ab1a.0 -> imap.pem
-rw-r--r-- 1 root wheel 1371 Nov 23 15:34 imap.pem
--
Greg Rivers
More information about the dovecot
mailing list