similar to: self signing certificates

Hi all, Ok, been wanting to do this for a while, and I after the Heartbleed fiasco, the boss finally agreed to let me buy some real certs... Until now, we've been using self-signed certs with the following dovecot config: ssl = required ssl_cert = </etc/ssl/ourCerts/imap.pem ssl_key = </etc/ssl/ourCerts/imap_key.pem Now, I've created new keys/certs and the CSR, got the new

I followed the instructions here https://wiki.centos.org/HowTos/Https Checking port 80 I get the file... curl http://localhost/file.html <HTML> <FORM> Working </FORM> </HTML> Checking port 443 I get and error curl https://localhost/file.html curl: (60) Peer's certificate issuer has been marked as not trusted by the user. More details here:

Newbie Q: Building a webstore and need to have SLL-encryption on the checkout pages... I have no previous experience with SSL. I understand that I need a SSL-certificate. I''m planning on purchasing the cert from RapidSSL, but to do that I need to generate a CSR (Certificate Signing Request). How do I do that? How do I install the certificate on the server? Are there any guides on

Hallo, i'm having troubles installing self-signed certificates for dovecot. After installing, dovecot generates a key and cert. But he is using the wrong common name (where does dovecot get this name from?). I tried deleting them and installing a handcrafted cert with this: openssl genrsa -out mail.key 2048 openssl req -new -key mail.key -out mail.csr openssl x509 -req -days 4312 -in

Hi, Is there a way to have puppetmaster sign new clients'' certificates when using apache+mongrel for serving, without having a separate puppetmaster instance running webrick on a different port/IP? I guess this does not work out of the box because apache is told to do the verification very early in the connection process, at which point it does not yet know that the client is going to

On Thu, 14 Mar 2019 12:13:15 +0100 "Guido Goluke, MajorLabel via dovecot" <dovecot at dovecot.org> wrote: > Op 14-03-19 om 11:46 schreef mick crane via dovecot: > > Excuse dopey question. > > I'm not exactly clear about certificates. > > Apache2 default install has this snake oil certificate > > Can make a new one for apache > > Can make one

How do I get a valid certificate for a box that is behind a firewall and does not have a DNS entry? I was looking at letsencrypt.org but currently it looks like a valid DNS entry is needed, of which I don't have. There is nothing special about my setup, its just a box that is not directly on the internet, no DNS entry but I need HTTPS to run correctly. How do I generate a trusted

On 06/16/2016 11:23 AM, Valeri Galtsev wrote: > as the one who has to handle quite a > few certificates, I only will go with certificates valid for a year, > ...do I miss something?). Yes. The tool that creates certificate/key pairs, submits the CSR, and installs the certificate is intended to be fully automated. In production, you should be running it as an automatic job. As

On Jun 15, 2016, at 7:57 AM, ????????? ???????? <nevis2us at infoline.su> wrote: > > Nowadays it's quite easy to get normal ssl certificates for free. E.g. > > http://www.startssl.com > http://buy.wosign.com/free Today, I would prefer Let?s Encrypt: https://letsencrypt.org/ It is philosophically aligned with the open source software world, rather than act as bait

On Thu, 14 Mar 2019 09:51:14 -0400 Phil Turmel via dovecot <dovecot at dovecot.org> wrote: > On 3/14/19 7:40 AM, Stephan von Krawczynski via dovecot wrote: > > > Sorry I have to write this, but this is again pointing people in a fake > > security direction. > > You should be sorry, because you are wrong. > > > The only valid authority for a certificate

yacinechaouche at yahoo.com writes: > Interesting. Is there any particular benefit in having only one file > for both certificate and private key ? I find that putting private key > in a separate file feels more secure. It's convenient to have key and cert in one place if you don't need the certificate to be publically readable. Keeping it in separate files would add slightly

I am wondering how to manually (using openssl instead of puppet cert command) create CA that would be usable by Puppet? The goal would be to script creation of such CA''s to deploy them on multiple puppetmasters, instead of certificates being created on them via puppet cert command. Any ideas on how to do it? I was only able to find something like that:

So i?m using dovecot, and i created a self signed certificate with mkcert.sh based on dovecot-openssl.cnf. The name in there matches my mail server. The first time it connects in mac mail however, it says the certificate is invalid and another server might pretend to be me etc. I then have the option of trusting it. Is this normal behaviour? Will it always be invalid if it?s not signed by a

On 06/16/2016 10:53 AM, Walter H. wrote: > lets encrypt only trusts for 3 months; would you really except in an > onlineshop, someone trusts this shop? > let us think something like this: "when the CA only trusts for 3 > months, how should I trust for a longer period > which is important for warranty ..." I doubt that most users check the dates on SSL certificates,

Hello, I tryed to eneble TLS connection from postfix to dovecot lmtp. Unfortunely I have problem with certificate, postfix shows, 2015-07-27T12:51:15.025333+02:00 k30 postfix/lmtp[4572]: Untrusted TLS connection established to 192.168.67.30[192.168.67.30]:24: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits) I checked certs by openssl s_client: #openssl s_client -connect

Hello everybody, we´re using Red Hat Kickstarts for some systems. On every new kickstart we´ve to delete the client certificate first on the master. Ist there a best practise to renew the certificate or delete it remotely on the master? kind regards, Ano -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To view this discussion on

On Wed, 9 Aug 2017 08:39:30 -0700 Gregory Sloop <gregs at sloop.net> wrote: > AV> So i?m using dovecot, and i created a self signed certificate > AV> with mkcert.sh based on dovecot-openssl.cnf. The name in there matches > AV> my mail server. > > AV> The first time it connects in mac mail however, it says the > AV> certificate is invalid and another

On 8/11/2017 1:29 PM, Ralph Seichter wrote: > On 11.08.2017 11:36, Michael Felt wrote: > >> This is what Ralph means when he says "have been running a CA for >> 15+ years" - not that he is (though he could!) sell certificates >> commercially - rather, he is using an initial certificate to sign >> later certificates with. > Actually, I do sell certificates

Hi all - I am trying to figure out how to add a wild card certificate given to me for a CentOS installation. I have a script that sets up HTTPS so I am a little familiar with things - but they provided me two files: name_ee.crt name_i1.crt I'm not sure how to apply that to the /etc/httpd/conf.d/ssl.conf file? Anyone done that before ? My initial searches were not helpful. Thanks, Jerry

I have looked at let's encrypt. Key issue for me is having to add a lot python stuff that would otherwise not be on any server. Again, All CA's like "Let's Encrypt" - and others that are accepted by the "majors", e.g., Windows, Mozilla make it much easier for the "random" user to use anything you protect with SSL (better TLS) without them having to