Benjamin J. Weiss
2004-Jan-16 16:44 UTC
[Dovecot] Certificate Authority-signed certs in dovecot?
Hi! Sorry if this has been covered. I've just started using dovecot and I've searched via google and I've downloaded the maillist archives, but I haven't found a solution.

I'm using Fedora Core 1, with dovecot-0.99.10-6. When I'm at work, I access my home mail server using Outlook Express (I know, I know, but it's the only client I'm allowed to use at work). Now, I'm able to get to my email, but I get a warning popup box each time I connect to the server, that the authenticity of the certificate can't be verified. I'm assuming that that's because I am using a self-signed certificate.

Now, I'm also using postfix, and it allows for me creating my own CA certificate, and using it to sign my own certificates. The /etc/postfix/main.cf entries are:

smtpd_tls_key_file = /etc/postfix/newreq.pem
smtpd_tls_cert_file = /etc/postfix/newcert.pem
smtpd_tls_CAfile = /etc/postfix/cacert.pem

but while I see the following two lines in /etc/dovecot.conf:

ssl_cert_file = /usr/share/ssl/certs/dovecot.pem
ssl_key_file = /usr/share/ssl/private/dovecot.pem

I don't see how to specify my CA cert.

I'm pretty much a noob when it comes to openssl, but I've been able to follow directions to get the TLS working in both postfix and dovecot. I just want to get rid of that annoying message. I figure that there's a way to sign my dovecot certs with the ca cert I've already created for postfix, and tell dovecot about it somehow.

Has anybody done this?

Thanks!

Ben
Jim Tittsler
2004-Jan-17 01:13 UTC
[Dovecot] Certificate Authority-signed certs in dovecot?
On Fri, Jan 16, 2004 at 10:44:11AM -0600, Benjamin J. Weiss wrote:
> I'm using Fedora Core 1, with dovecot-0.99.10-6. When I'm at work, I access
> my home mail server using Outlook Express (I know, I know, but it's the only
> client I'm allowed to use at work). Now, I'm able to get to my email, but I
> get a warning popup box each time I connect to the server, that the
> authenticity of the certificate can't be verified. I'm assuming that that's
> because I am using a self-signed certificate.

You can use Internet Explorer to add your CA certificate to your client machine (and it will also be honored by Outlook Express). Or you can add just the cert for the IMAP machine.

http://www.microsoft.com/Windows/ie/using/howto/digitalcert/using.asp
Timo Sirainen
2004-Jan-19 17:03 UTC
[Dovecot] Certificate Authority-signed certs in dovecot?
On Fri, 2004-01-16 at 18:44, Benjamin J. Weiss wrote:
> but while I see the following two lines in /etc/dovecot.conf:
>
> ssl_cert_file = /usr/share/ssl/certs/dovecot.pem
> ssl_key_file = /usr/share/ssl/private/dovecot.pem
>
> I don't see how to specify my CA cert.

Currently there's no way to do it, but Zach Bagnall wrote a patch some time ago. Now that I remember it, I'll commit it to CVS :)

-------------- next part --------------
A non-text attachment was scrubbed...
Name: dovecot-0.99.10.2-ca.diff
Type: text/x-patch
Size: 3260 bytes
Desc: not available
URL: <http://dovecot.org/pipermail/dovecot/attachments/20040119/00133a91/attachment-0002.bin>
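
The situation discussed in this thread, as an added example that is not part of any of the posts: a server certificate signed by a private CA only verifies for a client that has been given that CA's certificate, which is why importing the CA on the client removes the warning. The file names, subject names and the two functions are constructed for the demo, and everything is written to a temporary directory.

```shell
#!/bin/sh
# Added example: throwaway CA and server certificate; every name is constructed.

# Build a private CA and a server certificate signed by it inside directory $1.
make_demo_pki() {
    dir=$1
    # 1. Self-signed CA root (plays the role of cacert.pem in the thread).
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=Demo Home CA" \
        -keyout "$dir/cakey.pem" -out "$dir/cacert.pem" 2>/dev/null || return 1
    # 2. Server key plus certificate request for the IMAP host (assumed name).
    openssl req -new -newkey rsa:2048 -nodes \
        -subj "/CN=mail.example.org" \
        -keyout "$dir/dovecot-key.pem" -out "$dir/dovecot.csr" 2>/dev/null || return 1
    # 3. The CA signs the request; the output is the server certificate file.
    openssl x509 -req -in "$dir/dovecot.csr" -days 30 \
        -CA "$dir/cacert.pem" -CAkey "$dir/cakey.pem" -CAcreateserial \
        -out "$dir/dovecot-cert.pem" 2>/dev/null || return 1
    # Private keys must not be readable by other users.
    chmod 600 "$dir/cakey.pem" "$dir/dovecot-key.pem"
}

# Print "trusted" or "untrusted" for certificate $1 as a client would see it.
# $2 is the CA file the client trusts; when empty, only the system default
# trust store is used, which does not contain the demo CA.
client_view() {
    cert=$1 cafile=$2
    if [ -n "$cafile" ]; then
        out=$(openssl verify -CAfile "$cafile" "$cert" 2>/dev/null) || :
    else
        out=$(openssl verify "$cert" 2>/dev/null) || :
    fi
    # Match on the "<file>: OK" line rather than the exit status, which old
    # OpenSSL releases did not set reliably on failure.
    case $out in *": OK") echo trusted ;; *) echo untrusted ;; esac
}

demo_dir=$(mktemp -d) || exit 1
make_demo_pki "$demo_dir" || { rm -rf "$demo_dir"; exit 1; }
echo "client without the CA: $(client_view "$demo_dir/dovecot-cert.pem")"
echo "client with the CA:    $(client_view "$demo_dir/dovecot-cert.pem" "$demo_dir/cacert.pem")"
rm -rf "$demo_dir"
```

The server side only needs the signed certificate and its key; the CA's private key stays off the mail server and the CA certificate is what gets imported on the client.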