[CentOS] Ignorant question on SSL certs

Tue Mar 3 15:28:59 UTC 2015
Jason Pyeron <jpyeron at pdinc.us>

> -----Original Message-----
> From: Timothy Murphy
> Sent: Tuesday, March 03, 2015 10:13
> 
> Jason Pyeron wrote:
> 
> >> I'm getting endless complaints about my dovecot cert,
> > 
> > Exact message please?
> 
> The certificate does not apply to the given host

So let's deal with this first.

What is the hostname?

What is the subject of the certificate [hint, I asked for the cert to be posted last time]?

> The certificate is not signed by any trusted certificate authority

We will address this after we get more data on the problem.

> 
> >> Do I really have to use a separate cert and key for dovecot?
> >> Can I not use the "standard" cert in /etc/pki/tls/certs (and key)
> >> from CACert.org ?
> > 
> > Post the certificate only, not the private key.

Like this: openssl x509 < /etc/pki/dovecot/certs/dovecot.pem

> 
> I've looked at the cert and key and they look ok for what they are,
> a self-signed certificate and key, as created (years ago)
> following the instructions in the dovecot installation instructions.
> 
> I'm really just asking if I cannot just use what I take to be
> the standard openssl certificate and key in /etc/pki/tls/
> Do I really have to create up a special cert for dovecot?

It depends on what you mean by special and whether it was done properly the first time.

--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-                                                               -
- Jason Pyeron                      PD Inc. http://www.pdinc.us -
- Principal Consultant              10 West 24th Street #100    -
- +1 (443) 269-1555 x333            Baltimore, Maryland 21218   -
-                                                               -
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
This message is copyright PD Inc, subject to license 20080407P00.
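
The two client complaints quoted in this message map onto two checks that can be run against the certificate file itself. The script below is an added example, not part of the original message: the function names, the throwaway certificate and the hostnames localhost.localdomain and mail.example.org are constructed placeholders, and it assumes OpenSSL 1.0.2 or later for -checkhost.

```shell
#!/bin/sh
# Added example: test a certificate file for the two complaints in this thread.

# Constructed sample: a throwaway self-signed cert whose CN is a placeholder.
make_sample_cert() {  # usage: make_sample_cert DIR CN
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$1/sample.key" -out "$1/sample.pem" 2>/dev/null
}

# "does not apply to the given host": is HOST covered by the certificate's
# subjectAltName entries (or by the subject CN when there are none)?
cert_matches_host() {  # usage: cert_matches_host CERT HOST
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
        grep -q 'does match certificate'
}

# "not signed by any trusted certificate authority": identical subject and
# issuer names indicate a self-signed certificate, which clients do not
# trust unless it has been added to their trust store.
cert_is_self_signed() {  # usage: cert_is_self_signed CERT
    [ "$(openssl x509 -in "$1" -noout -subject_hash)" = \
      "$(openssl x509 -in "$1" -noout -issuer_hash)" ]
}

# Print the fields asked for in the thread, then the result of both checks.
diagnose() {  # usage: diagnose CERT HOST
    openssl x509 -in "$1" -noout -subject -issuer -enddate
    if cert_matches_host "$1" "$2"; then echo "host $2: covered"
    else echo "host $2: NOT covered by this certificate"; fi
    if cert_is_self_signed "$1"; then echo "issuer: self-signed"
    else echo "issuer: signed by another CA (check that clients trust it)"; fi
}

# Demo on the constructed certificate; the hostname is the one clients would use.
tmp=$(mktemp -d)
make_sample_cert "$tmp" localhost.localdomain
diagnose "$tmp/sample.pem" mail.example.org
rm -rf "$tmp"
```

To run it against a real server, call diagnose with the certificate path from the message above and the hostname the mail clients are configured to connect to.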