On 6/25/2009 5:35 PM, S.Tindall wrote:
> On Thu, 2009-06-25 at 23:00 +0100, Ned Slider wrote:
>
>> Bob Hoffman wrote:
>>
>>> Hi all,
>>> Finally got around to making sendmail and dovecot use a secure log in
>>> procedure on my server.
>>> Now when I open up Outlook it goes through a secure log in.
>>> Unfortunately, I am using my own self signed cert on the server for this.
>>>
>>> Hence, I get, for every single account, every time I open up Outlook a
>>> warning about untrusted cert.
>>>
>>> I have looked around and found a spot in IE to 'import' a cert of some
>>> kind...and this would seem like the way to make it work.
>>>
>>> I am unsure exactly what I am supposed to copy or run on the server to then
>>> save to my home computer to then add to the 'import' part.
>>>
>>> For sendmail I made a sendmail.pem and dovecot already came installed with
>>> its cert.
>>>
>>> It is annoying to have the warnings every time I open Outlook up and if
>>> anyone has experience with this stuff I would not mind a quick helping hand.
>>>
>>> Thanks all.
>>>
>>> Bob
>>>
>>
>> What warnings are you getting?
>>
>> You'll probably need to generate your own cert for dovecot too. The
>> dovecot cert that ships with the package is for imap.example.com, so
>> you'll probably get a warning that the cert doesn't match the host, and
>> it also expired in Jan 2009 so you might get a warning for that too. If
>> you generate your own cert, be sure the cert matches your FQ hostname.
>>
>> The other common warning is for an untrusted or self-signed cert, which
>> can normally be overcome by importing the cert the first time.
>>
>> SSL/TLS for Dovecot is covered in the Wiki here:
>>
>> http://wiki.centos.org/HowTos/postfix_sasl#head-67159b2747e8ff10df5bf5da41d4f21a245afd7f
>>
>> I'll leave it for a sendmail user to advise you for that :)
>>
>
> Adding to NedSlider's comments, you can also create your own Certificate
> Authority for signing your local certs and then clients can import your
> CA cert as a trusted authority. After that, any local cert you create
> and sign will be recognized as trusted by the client systems. It's
> surprisingly easy to do.
>
> The steps are nicely addressed in "Apache Security" (O'Reilly) by I.
> Ristic: Chapter 4, "Apache and SSL" pp.86-93 and "Setting up a
> Certificate Authority" pp. 93-99. They leave little to your imagination.
>
> And as NedSlider pointed out, be sure the host name on the cert. matches
> the actual host name. Outlook/OE are very unforgiving on that point.
>
>
> Steve
>

The easiest way I've found to add a hand-rolled cert to a Windows box is as follows.

Open your web browser of choice and type the https URL followed by :995.

Example: https://mail.mydomain.com:995

You'll be prompted about the cert and there you can choose to install it.
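
The private CA suggested in the thread, together with the replies' point that the name in the server cert must match the host, sketched with the openssl command line as an added example; it is not code from the thread or from the book cited. mail.mydomain.com is the example name from the last message; the file names, CA subject, key sizes and lifetimes are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): local CA plus a server cert whose name
# matches the mail host. File names and subject fields are assumptions.
HOST="mail.mydomain.com"   # example host name used in the thread
umask 077                  # private keys readable by the owner only

make_ca() {  # $1 = working directory
    cat > "$1/ca.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Example Local Root CA
[v3_ca]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
EOF
    openssl req -x509 -config "$1/ca.cnf" -newkey rsa:2048 -nodes -sha256 \
        -days 3650 -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null
}

make_server_cert() {  # $1 = working directory, $2 = FQDN clients connect to
    openssl req -new -config "$1/ca.cnf" -newkey rsa:2048 -nodes -sha256 \
        -subj "/CN=$2" -keyout "$1/server.key" -out "$1/server.csr" 2>/dev/null
    printf 'subjectAltName = DNS:%s\nbasicConstraints = CA:FALSE\nextendedKeyUsage = serverAuth\n' \
        "$2" > "$1/server.ext"
    openssl x509 -req -in "$1/server.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
        -CAcreateserial -sha256 -days 365 -extfile "$1/server.ext" \
        -out "$1/server.pem" 2>/dev/null
}

verify_for_host() {  # succeeds only if the cert chains to the CA AND names $2
    openssl verify -CAfile "$1/ca.pem" -verify_hostname "$2" \
        "$1/server.pem" >/dev/null 2>&1
}

dir=$(mktemp -d)
make_ca "$dir" && make_server_cert "$dir" "$HOST"
verify_for_host "$dir" "$HOST" && echo "trusted and matches $HOST"
verify_for_host "$dir" "imap.example.com" || echo "rejected for imap.example.com"
echo "CA cert for clients to import: $dir/ca.pem (ca.key stays private)"
```

Only ca.pem is distributed to clients; server.pem and server.key are what the mail daemons are configured with.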