[CentOS] Self signed certs, openssl dovecot
Paul Heinlein
heinlein at madboa.com
Fri Jul 24 22:28:20 UTC 2009
On Fri, 24 Jul 2009, Bob Hoffman wrote:
>>> Comes down I believe to the need to get a CA for dovecot's pem
>>> files or I will always get an error.
>>
>> You've got to tell your mail client to trust either the dovecot
>> certificate or the CA cert that signed it.
>>
>> The procedure for doing so varies with your mail client. The
>> message you sent to the list came from Outlook. Is that the client
>> you typically use?
>
> Trying not to buy a ssl for my private mail, doesn't seem like
> something you would need just to get access to your own mail, so no
> trusted CA there (ssh does not require trusted dang it).
>
> The idea floated as a thought in some channels is to make a sort of
> self-trusted CA on your server for dovecot. But no examples of this
> can be found, so if anyone has knowledge, all ears here.

The easy-rsa scripts that ship with OpenVPN might be helpful to you.
Grab the latest openvpn distribution:

  http://openvpn.net/index.php/open-source/downloads.html

Then have a look at the easy-rsa instructions:

  http://openvpn.net/index.php/open-source/documentation/miscellaneous/77-rsa-key-management.html

You'll end up with a roll-your-own certificate authority (CA) and
scripts to build a certificate for your dovecot server.

Then use the Windows key-management system to import the CA's public
certificate. At that point Outlook ought to trust your dovecot
certificate.

--
Paul Heinlein <> heinlein at madboa.com <> http://www.madboa.com/
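
The roll-your-own CA described in the message above, as an added example that is not part of the original post: it calls openssl directly instead of the easy-rsa scripts. The host name mail.example.com, the directory layout and every file and function name are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: private CA plus a server certificate for an IMAP/POP3 host.
# mail.example.com, the directory and all file names are constructed.
umask 077   # keep generated private keys unreadable to other users

write_cnf() {          # $1 = dir, $2 = server host name
    cat > "$1/pki.cnf" <<EOF
[req]
distinguished_name = dn
prompt = no
[dn]
CN = Private Mail CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
subjectKeyIdentifier = hash
[v3_server]
basicConstraints = CA:FALSE
keyUsage = critical,digitalSignature,keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = DNS:$2
EOF
}

make_ca() {            # $1 = dir, $2 = server host name
    mkdir -p "$1" && write_cnf "$1" "$2" || return 1
    # Self-signed root. ca.crt is the only file mail clients import.
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 3650 \
        -config "$1/pki.cnf" -extensions v3_ca \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

make_server_cert() {   # $1 = dir, $2 = server host name
    # Key and CSR for the mail server, then sign the CSR with the CA key.
    openssl req -new -newkey rsa:2048 -nodes -sha256 -config "$1/pki.cnf" \
        -subj "/CN=$2" -keyout "$1/server.key" -out "$1/server.csr" \
        2>/dev/null || return 1
    openssl x509 -req -in "$1/server.csr" -sha256 -days 825 \
        -CA "$1/ca.crt" -CAkey "$1/ca.key" -CAcreateserial \
        -extfile "$1/pki.cnf" -extensions v3_server \
        -out "$1/server.crt" 2>/dev/null
}

verify_chain() {       # $1 = CA certificate, $2 = server certificate
    openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

# Usage: make_ca ./pki mail.example.com &&
#        make_server_cert ./pki mail.example.com
```

The server gets server.crt and server.key; ca.key stays off the mail host, and the subjectAltName must match the name the mail client connects to.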