On 6/25/2009 5:35 PM, S.Tindall wrote:
On Thu, 2009-06-25 at 23:00 +0100, Ned Slider wrote:
Bob Hoffman wrote:
Hi all,
Finally got around to making sendmail and dovecot use a secure log in
procedure on my server.
Now when I open up outlook it goes through a secure log in.
Unfortunately, I am using my own self signed cert on the server for this.
Hence, I get, for every single account, everytime I open up outlook a
warning about untrusted cert.
I have looked around and found a spot in IE to 'import' a cert of some
kind...and this would seem like the way to make it work.
I am unsure exactly what I am supposed to copy or run on the server to then
save to my home computer to then add to the 'import' part.
For sendmail I made a sendmail.pem and dovecot already came installed with
its cert.
It is annoying to have the warnings everytime I open outlook up and if
anyone has experience with this stuff I would not mind a quick helping hand.
Thanks all.
Bob
What warnings are you getting?
You'll probably need to generate your own cert for dovecot too. The
dovecot cert that ships with the package is for imap.example.com, so
you'll probably get a warning that the cert doesn't match the host, and
it also expired in Jan 2009 so you might get a warning for that too. If
you generate your own cert, be sure the cert matches your FQ hostname.
The other common warning is for an untrusted or self-signed cert, which
can normally be overcome by importing the cert the first time.
SSL/TLS for Dovecot is covered in the Wiki here:
http://wiki.centos.org/HowTos/postfix_sasl#head-67159b2747e8ff10df5bf5da41d4f21a245afd7f
I'll leave it for a sendmail user to advise you for that :)
Adding to NedSlider's comments, you can also create your own Certificate
Authority for signing your local certs and then clients can import your
CA cert as a trusted authority. After that, any local cert you create
and sign will be recognized as trusted by the client systems. It's
surprisingly easy to do.
The steps are nicely addressed in "Apache Security" (O'Reilly) by I.
Ristic: Chapter 4, "Apache and SSL" pp.86-93 and "Setting up a
Certificate Authority" pp. 93-99. They leave little to your imagination.
And as NedSlider pointed out, be sure the host name on the cert. matches
the actual host name. Outlook/OE are very unforgiving on that point.
Steve
The easiest way I've found to add a hand rolled cert to windows box is
as follows.
Open your web browser of choice type the https url followed by :995.
Example: https://mail.mydomain.com:995
You'll be prompted about the cert and there you can choose to install
it.
|
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
