Hi all, We are running "dovecot-1.0.7-7.el5" on a CentOS release 5.5 (Final) box. I know, its an old version, but it cames up with the CentOS release (yum). Anyway. Is there a way to import the certificate, which was generated with "mkcert_dovecot.sh", permanently to the outlook 2003 clients? Every time, when our office 2003 clients fetches there emails (POP3s) from our dovecot server, they will be asked "......, the CN-Name of this certificate doesn't match with the taken Value. Do you want to continue with this server?. sorry for the poor english translation. Here in german (for some german people): Der Server, mit dem Sie verbunden sind, verwendet ein Sicherheitszertifikat, das nicht verifiziert werden konnte. Der CN-Name des Zertifikates stimmt nicht mit dem ?bergebenen Wert ?berein. M?chten Sie diesen Server weiterhin verwenden? many thanks for some hints Richard
Richard Gliebe wrote on 12.09.2010:> Hi all,> We are running "dovecot-1.0.7-7.el5" on a CentOS release 5.5 (Final) > box. I know, its an old version, but it cames up with the CentOS release > (yum). Anyway.> Is there a way to import the certificate, which was generated with > "mkcert_dovecot.sh", permanently to the outlook 2003 clients?> Every time, when our office 2003 clients fetches there emails (POP3s) > from our dovecot server, they will be asked "......, the CN-Name of this > certificate doesn't match with the taken Value. Do you want to continue > with this server?.> sorry for the poor english translation. > Here in german (for some german people): > Der Server, mit dem Sie verbunden sind, verwendet ein > Sicherheitszertifikat, das nicht verifiziert werden konnte. > Der CN-Name des Zertifikates stimmt nicht mit dem ?bergebenen Wert ?berein. > M?chten Sie diesen Server weiterhin verwenden?> many thanks for some hints > RichardHave you changed the value for # Common Name (*.example.com is also possible) CN=imap.example.com to match the hostname of your mail server before you've created the certificate? You can import the certificate in the certificate store of Windows but the error will be same because the hostname does not match the hostname in your certificate. You could also setup your own private CA or use a public one to sign your certificates - this is the preferred way. See also: http://wiki.dovecot.org/SSL/CertificateCreation -- Daniel
Am 12.09.2010 07:19 schrieb Richard Gliebe:> Hi all, > > We are running "dovecot-1.0.7-7.el5" on a CentOS release 5.5 (Final) > box. I know, its an old version, but it cames up with the CentOS release > (yum). Anyway. > > Is there a way to import the certificate, which was generated with > "mkcert_dovecot.sh", permanently to the outlook 2003 clients? > > Every time, when our office 2003 clients fetches there emails (POP3s) > from our dovecot server, they will be asked "......, the CN-Name of this > certificate doesn't match with the taken Value. Do you want to continue > with this server?. > > sorry for the poor english translation. > Here in german (for some german people): > Der Server, mit dem Sie verbunden sind, verwendet ein > Sicherheitszertifikat, das nicht verifiziert werden konnte. > Der CN-Name des Zertifikates stimmt nicht mit dem ?bergebenen Wert ?berein. > M?chten Sie diesen Server weiterhin verwenden? > > many thanks for some hints > Richard >Hello, Your first step is to convert the .pem file (e.g., cacert.pem) to the .der format: # openssl x509 -in cacert.pem -out cacert.der -outform DER Then you can either - copy the cacert.der to your Windows clients - import the cacert.der file with a double click on the filename or - copy the cacert.der to a file named cacert.crt on your web server - import the certificate to your Windows clients using Internet Explorer (or Safari on an iPhone/iPad) e.g., http://www.yourserver.de/cacert.crt . Cheers, Wieland
Am 12.09.2010 07:19, schrieb Richard Gliebe:> Hi all, > > We are running "dovecot-1.0.7-7.el5" on a CentOS release 5.5 (Final) > box. I know, its an old version, but it cames up with the CentOS release > (yum). Anyway. > > Is there a way to import the certificate, which was generated with > "mkcert_dovecot.sh", permanently to the outlook 2003 clients? > > Every time, when our office 2003 clients fetches there emails (POP3s) > from our dovecot server, they will be asked "......, the CN-Name of this > certificate doesn't match with the taken Value. Do you want to continue > with this server?. > > sorry for the poor english translation. > Here in german (for some german people): > Der Server, mit dem Sie verbunden sind, verwendet ein > Sicherheitszertifikat, das nicht verifiziert werden konnte. > Der CN-Name des Zertifikates stimmt nicht mit dem ?bergebenen Wert ?berein. > M?chten Sie diesen Server weiterhin verwenden? > > many thanks for some hints > Richard >should be a procedure like this http://support.real-time.com/windows/email/ssl-cert.html -- Best Regards MfG Robert Schetterer Germany/Munich/Bavaria