[CentOS] Self signed certs, openssl dovecot

Fri Jul 24 22:33:29 UTC 2009
Ned Slider <ned at unixmail.co.uk>

Bob Hoffman wrote:
>  
>> Did you try any of the advice you received when you asked a month ago?
>>
>> http://lists.centos.org/pipermail/centos/2009-June/078273.html
>>
> 
> That was for the error with outlook, this is more about how to add that
> middle chain with dovecot to avoid the issue.
> None of those others will work with outlook. Importing a cert will do
> nothing to avoid a constant error everytime you open up the mail client.
> Only a trusted CA will work it seems.
> Dovecot setup uses two pem files and that is what the books say, but to not
> get the trusted chain error there has to be that third file of 'some kind'
> 'some where' relating to 'some thing'
> 
> If you have an answer, link to it, because I can show you no answer at all
> to prevent ssl chain warnings when accessing self signed certs via dovecot
> and mail clients...even if adding to the trusted folders client side.
> 

You need to become your own root CA, and sign your server certs with 
that root CA cert. Then import the root CA into Outlook as a trusted 
authority.

Step by step guides...

http://www.g-loaded.eu/2005/11/10/be-your-own-ca/

http://www.globalsign.com/support/personal-certificate/per_outlook07.html

but all this was explained a month ago in your original thread right here:

http://lists.centos.org/pipermail/centos/2009-June/078275.html