Jason Pyeron wrote:>> I'm really just asking if I cannot just use what I take to be >> the standard openssl certificate and key in /etc/pki/tls/ >> Do I really have to create up a special cert for dovecot? > > It depends on what you mean by special and was it done properly the first > time.The cert and key in /etc/pki/tls seem to work perfectly well. My impression is that this is the standard place for CentOS and Fedora certs. IIRC, installation guides for both suggest this for certs and keys. Most Fedora applications that require authentication also seem to refer to this folder. My question is simply: Does one require a separate cert for dovecot? -- Timothy Murphy gayleard /at/ eircom.net School of Mathematics, Trinity College, Dublin
On 03/04/2015 08:12 AM, Timothy Murphy wrote:> My question is simply: Does one require a separate cert for dovecot?Dovecot does not care if you use the same cert for other applications. Your question is missing the point, others are trying to tell you that the real issue is that the cert was not created properly for the hostname that the IMAP clients are connecting to. This has nothing to do with sharing the certificate with other applications. I use the same cert for dovecot, postfix and apache. They are all individually happy with this single cert, but they all use the same hostname to connect (mail.example.com) and so can have the same commonname. Peter
Peter wrote:> On 03/04/2015 08:12 AM, Timothy Murphy wrote: >> My question is simply: Does one require a separate cert for dovecot? > > Dovecot does not care if you use the same cert for other applications.Thank you, that was my question.> Your question is missing the point, others are trying to tell you that > the real issue is that the cert was not created properly for the > hostname that the IMAP clients are connecting to. This has nothing to > do with sharing the certificate with other applications.I don't really care what is wrong with it, if I can do without it. I'm using the /etc/pki/tls/ cert and key in dovecot now, and they seem to work fine. Incidentally, I created the /etc/pki/dovecot/ cert and key years ago, and never got this flood of warning messages until recently. If in fact it is unnecessary to create a special cert and key for dovecot it seems to me remiss not to say this in the dovecot installation doc. -- Timothy Murphy gayleard /at/ eircom.net School of Mathematics, Trinity College, Dublin