Re: Self signed certs, openssl dovecot




On Fri, 24 Jul 2009, Bob Hoffman wrote:

>>> Comes down I believe to the need to get a CA for dovecot's pem 
>>> files or I will always get an error.
>>
>> You've got to tell your mail client to trust either the dovecot 
>> certificate or the CA cert that signed it.
>>
>> The procedure for doing so varies with your mail client. The 
>> message you sent to the list came from Outlook. Is that the client 
>> you typically use?
>
> Trying not to buy a ssl for my private mail, doesn't seem like 
> something you would need just to get access to your own mail, so no 
> trusted CA there (ssh does not require trusted dang it).
>
> The idea floated as a thought in some channels is to make a sort of 
> self-trusted CA on your server for dovecot. But no examples of this 
> can be found, so if anyone has knowledge, all ears here.

The easy-rsa scripts that ship with OpenVPN might be helpful to you. 
Grab the latest openvpn distribution:

   http://openvpn.net/index.php/open-source/downloads.html

Then have a look at the easy-rsa instructions:

   http://openvpn.net/index.php/open-source/documentation/miscellaneous/77-rsa-key-management.html

You'll end up with a roll-your-own certificate authority (CA) and 
scripts to build a certificate for your dovecot server.

Then use the Windows key-management system to import the CA's public 
certificate. At that point Outlook ought to trust your dovecot 
certificate.

-- 
Paul Heinlein <> heinlein@xxxxxxxxxx <> http://www.madboa.com/
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
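
The roll-your-own CA procedure described in this message, as an added example that is not part of the original post: it uses plain `openssl` commands rather than the easy-rsa scripts. The host name passed in (for instance `mail.example.com`), the CA subject name and the file names are assumptions.

```shell
#!/bin/sh
# Added example: private CA plus a server certificate signed by it.
# The host name, subject names and file names below are assumptions.

# build_pki DIR HOST -> writes ca.key, ca.crt, HOST.key, HOST.crt into DIR
build_pki() {
    dir=$1; host=$2
    mkdir -p "$dir" || return 1
    (
        cd "$dir" || exit 1
        umask 077    # keep private keys unreadable to other users
        # Local config so the result does not depend on the system openssl.cnf
        cat > pki.cnf <<EOF
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Private Mail CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[v3_srv]
basicConstraints = CA:FALSE
extendedKeyUsage = serverAuth
subjectAltName = DNS:$host
EOF
        # 1. Self-signed CA certificate: the only file clients need to import
        openssl req -x509 -config pki.cnf -newkey rsa:2048 -nodes -sha256 \
            -days 3650 -keyout ca.key -out ca.crt 2>/dev/null || exit 1
        # 2. Server key and signing request for the mail host
        openssl req -new -config pki.cnf -subj "/CN=$host" -newkey rsa:2048 \
            -nodes -keyout "$host.key" -out "$host.csr" 2>/dev/null || exit 1
        # 3. CA signs the request, adding the SAN that clients match on
        openssl x509 -req -in "$host.csr" -CA ca.crt -CAkey ca.key \
            -CAcreateserial -sha256 -days 825 -extfile pki.cnf \
            -extensions v3_srv -out "$host.crt" 2>/dev/null || exit 1
    )
}

# check_chain CAFILE CERT HOST -> 0 only if CERT chains to CAFILE and names HOST
check_chain() {
    openssl verify -CAfile "$1" -verify_hostname "$3" "$2" >/dev/null 2>&1
}
```

Only `ca.crt` is imported on the client; `ca.key` stays on the machine that signs certificates.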
