On 03/03/2015 08:12 AM, Timothy Murphy wrote:
> Jason Pyeron wrote:
>
>>> I'm getting endless complaints about my dovecot cert,
>>
>> Exact message please?
>
> The certificate does not apply to the given host
> The certificate is not signed by any trusted certificate authority
>
>>> Do I really have to use a separate cert and key for dovecot?
>>> Can I not use the "standard" cert in /etc/pki/tls/certs (and key)
>>> from CACert.org?
>>
>> Post the certificate only, not the private key.
>
> I've looked at the cert and key and they look ok for what they are,
> a self-signed certificate and key, as created (years ago)
> following the instructions in the dovecot installation instructions.
> I'm really just asking if I cannot just use what I take to be
> the standard openssl certificate and key in /etc/pki/tls/
> Do I really have to create a special cert for dovecot?

There's not really a "standard" SSL certificate. Perhaps you're
referring to a "default" certificate used by the webserver?

What I typically do is get a real, but free, SSL certificate from some
place like StartSSL (www.startssl.com), and then copy the key and
certificate to the location that's specified for use by dovecot. That
way, both httpd and dovecot are using the same certificate (although
it's stored in 2 different locations).

The other thing to consider with dovecot (if you go with a third-party
certificate) is that you may need to append the intermediate certificate
to your server-specific certificate to properly establish the chain of
trust for clients attempting to verify it.

-Greg
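
Added example, not part of the original thread: a shell sketch of the two checks behind the complaints quoted above, whether the certificate applies to the host name and whether a client can build a chain to a CA it trusts, and of appending the intermediate to the server certificate. The CA, intermediate, server certificate, the name mail.example.test and all file names are constructed test values (assumptions); it needs an openssl that supports -checkhost.

```shell
#!/bin/sh
# Added example. The CA, intermediate and server certificate are constructed
# throwaway test objects; mail.example.test and the file names are assumptions.
set -e

# sign_csr NAME SUBJECT EXTFILE [signing args...]: new key + CSR, then sign it.
sign_csr() {
  name=$1; subj=$2; ext=$3; shift 3
  openssl req -new -newkey rsa:2048 -nodes -subj "$subj" \
    -keyout "$name.key" -out "$name.csr" 2>/dev/null
  openssl x509 -req -in "$name.csr" -days 2 -extfile "$ext" \
    -out "$name.pem" "$@" 2>/dev/null
}

# make_test_pki DIR HOST: root -> intermediate -> server certificate for HOST.
make_test_pki() {
  d=$1
  printf 'basicConstraints=critical,CA:TRUE\n' > "$d/ca.ext"
  printf 'subjectAltName=DNS:%s\n' "$2" > "$d/srv.ext"
  sign_csr "$d/root" "/CN=Test Root" "$d/ca.ext" -signkey "$d/root.key"
  sign_csr "$d/int" "/CN=Test Intermediate" "$d/ca.ext" \
    -CA "$d/root.pem" -CAkey "$d/root.key" -CAcreateserial
  sign_csr "$d/srv" "/CN=$2" "$d/srv.ext" \
    -CA "$d/int.pem" -CAkey "$d/int.key" -CAcreateserial
  # Server certificate first, intermediate appended after it.
  cat "$d/srv.pem" "$d/int.pem" > "$d/chain.pem"
}

# chain_verifies ROOT FILE: can a client that trusts only ROOT validate the
# first certificate in FILE using just the other certificates FILE carries?
chain_verifies() {
  openssl verify -CAfile "$1" -untrusted "$2" "$2" 2>/dev/null | grep -q ': OK$'
}

# host_matches CERT NAME: does the certificate apply to the name clients use?
host_matches() {
  openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match'
}

work=$(mktemp -d)
make_test_pki "$work" mail.example.test
for f in srv.pem chain.pem; do
  if chain_verifies "$work/root.pem" "$work/$f"; then r=verifies; else r="fails to verify"; fi
  echo "$f: $r"
done
host_matches "$work/srv.pem" imap.other.test || echo "imap.other.test: name mismatch"
rm -rf "$work"
```

The combined file (server certificate followed by the intermediate) is the form to install as the server's certificate file; the private key stays in its own file and is never appended.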