> > If you can convince openssl to use it.Does anybody have any hints on how it may be done, if possible at all? Stavros
You have to create your own ca, and then create the certificate. I doubt if you will be able to find companies like DigiCert or Comodo to do this. If you want, I can try sign it with our own 'internal' CA. The only thing you have to do is of course adding our CA to your ca bundle but that is very easy in CentOS7 -----Original Message----- From: Stavros Tsolakos [mailto:stsolakos at gmail.com] Sent: 20 December 2018 11:33 To: Dovecot Mailing List Subject: Re: Intentionally use weak server key> > If you can convince openssl to use it.Does anybody have any hints on how it may be done, if possible at all? Stavros
On 2nd thought, better is just to fix your problem, going in this direction does not make sense. -----Original Message----- From: Marc Roos Sent: 20 December 2018 11:38 To: dovecot; stsolakos Subject: RE: Intentionally use weak server key You have to create your own ca, and then create the certificate. I doubt if you will be able to find companies like DigiCert or Comodo to do this. If you want, I can try sign it with our own 'internal' CA. The only thing you have to do is of course adding our CA to your ca bundle but that is very easy in CentOS7 -----Original Message----- From: Stavros Tsolakos [mailto:stsolakos at gmail.com] Sent: 20 December 2018 11:33 To: Dovecot Mailing List Subject: Re: Intentionally use weak server key> > If you can convince openssl to use it.Does anybody have any hints on how it may be done, if possible at all? Stavros
On 20/12/2018 12:37, Marc Roos wrote:> > You have to create your own ca, and then create the certificate. I doubt > if you will be able to find companies like DigiCert or Comodo to do > this. > > If you want, I can try sign it with our own 'internal' CA. The only > thing you have to do is of course adding our CA to your ca bundle but > that is very easy in CentOS7 >Thank you, Marc. We created our own CA and certificates just fine. The problem is that SSL does not seem to like them giving the error I mentioned in the previous message: dovecot: imap-login: Error: SSL: Stacked error: error:04075070:rsa routines:RSA_sign:digest too big for rsa key What would an SSL+Dovecot expert do if this error was encountered? A 1024 bit key works just fine but we have to stick to 256.