Re: Certificates






On 08/31/2018 01:47 PM, Chuck Campbell wrote:
> I am getting myself confused, and need someone who fully understands this process to help me out a bit.
>
> I would like to obtain an ssl certificate, so I can run my own imap server on a machine in my office.
>
> My domain is hosted by networksolutions, but I don't run my imap server there.
>
> I am assuming I'll need to pay a CA to generate what I need, but I'm confused about what I need. I am running dovecot at the moment, but my clients (iphone, windows laptops) say my ssl connection is not trusted. The phone just won't connect.
>
> I tried emailing the dovecot.pem file to my phone and installing it, but it just says it is not trusted.
>
> This leads me to obtaining a real CA issued certificate. I'm not sure what to do with it, once I get one, and then if I need to subsequently regenerate my dovecot.pem file?

Many large companies run their own CA and install their own root certificate.  Often installing a root cert is easier than installing a self-signed independent cert.  There is much written about building your own CA and a number of tools for that like openCA.  I can't speak for all your devices or apps, but there should be ways....

In personal promotion, I have been doing my own CA work for ECDSA certs and now for EDDSA certs (and I wonder what commercial CAs are providing them).  See my Internet draft:

draft-moskowitz-ecdsa-pki

And my GitHub for pending updates to this and the new eddsa-pki draft (to be published after OpenSSL 1.1.1 is released).

https://github.com/rgmhtt/draft-moskowitz-ecdsa-pki
https://github.com/rgmhtt/draft-moskowitz-eddsa-pki

Or go to openCA or look at other CA toolkits available on CentOS and Fedora.

Let's Encrypt is a very important development, but it has (IMHO) a shaking foundation.  I would not build a production system around it.  But then I have lived in aspects of PKI since '95...


_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos
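
The private-CA route suggested in the reply above, as an added example that is not part of the original post or of the linked drafts: an ECDSA root CA issues the IMAP server certificate, and verification shows why clients only need to trust the one root, while a standalone self-signed certificate fails. The hostname, CA name, file names and the P-256 curve are assumptions chosen for illustration.

```shell
#!/bin/sh
# Constructed sample: private ECDSA (P-256) CA for one IMAP host.
set -eu
HOST="imap.example.com"   # assumed name the mail clients connect to

build_pki() {   # $1 = empty working directory
    cat > "$1/pki.cnf" <<EOF
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[v3_srv]
basicConstraints = CA:FALSE
extendedKeyUsage = serverAuth
subjectAltName = DNS:$HOST
EOF
    for k in ca server self; do
        openssl ecparam -name prime256v1 -genkey -noout -out "$1/$k.key"
    done
    # Root CA: self-signed with CA:TRUE. The only file clients must import.
    openssl req -x509 -new -config "$1/pki.cnf" -extensions v3_ca \
        -key "$1/ca.key" -subj "/CN=Example Office Root CA" \
        -sha256 -days 3650 -out "$1/ca.crt"
    # Server cert: CSR signed by the CA, hostname carried in subjectAltName.
    openssl req -new -config "$1/pki.cnf" -key "$1/server.key" \
        -subj "/CN=$HOST" -out "$1/server.csr"
    openssl x509 -req -in "$1/server.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
        -CAcreateserial -extfile "$1/pki.cnf" -extensions v3_srv \
        -sha256 -days 365 -out "$1/server.crt"
    # Contrast: the reply's "self-signed independent cert", no CA behind it.
    openssl req -x509 -new -config "$1/pki.cnf" -extensions v3_srv \
        -key "$1/self.key" -subj "/CN=$HOST" -sha256 -days 365 \
        -out "$1/selfsigned.crt"
}

trusted() {   # $1 = dir, $2 = cert: chains to our root AND matches HOST?
    openssl verify -CAfile "$1/ca.crt" -verify_hostname "$HOST" "$2" 2>&1 \
        | grep -q ': OK$'
}

# Demo: what a client that has imported ca.crt would conclude.
d=$(mktemp -d); build_pki "$d"
trusted "$d" "$d/server.crt"     && echo "CA-issued cert: trusted"
trusted "$d" "$d/selfsigned.crt" || echo "self-signed cert: not trusted"
```

The server would then present `server.crt` with `server.key`, and `ca.key` should stay off the mail server, since anyone holding it can issue certificates that those clients accept.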



