similar to: Creating your own CA and SSL certificates

I have played with self-signed end-use PKI certificates for about a decade now and would really like to set up a proper, albeit private, PKI using some sort of OFS CA management software. I have looked at OpenCA and found a few packages on sourceforge but they all seem to fall short of my desires in one form or another (rpm install, multiple subordinate CAs, certificate revocation and extension

Hello, I am going to build an email server on Centos for a small, private group of users and I just want to encrypt all communications between that server and the (remote) email clients of those users (or they browsers, when they use webmail). Client certificates are not necessary, at least now. I understand that to do that I need to create my own SSL CA, create with it a self signed certificate

When I install an SSL certificate, I can't find a config option to set configure the Server Certificate Chain file... Is this not possible or can I do it another way? (When I connect, I am being told the Signature status is uncheckable...) Regards, BTJ -- ----------------------------------------------------------------------------------------------- Bj?rn T Johansen btj at havleik.no

I've dovecot --version 2.3.10.1 (a3d0e1171) openssl version OpenSSL 1.1.1g FIPS 21 Apr 2020 , atm on Fedora32. I configure /etc/pki/tls/openssl.cnf to set preferences for apps' usage, e.g. Postfix etc; Typically, here cat /etc/pki/tls/openssl.cnf openssl_conf = default_conf [default_conf] ssl_conf = ssl_sect [ssl_sect] system_default = system_default_sect

Hi, next problem with outlook 2003 On the IMAP Server (dovecot.x86_64 1.0.7-7.el5) I created a certificate with "mkcert_dovecot.sh". Some entries as be written to "/etc/pki/dovecot/dovecot-openssl.cnf". plaintext paswords are disables. IMAP Serverport: 993 Server needs SSL Now the outlook 2003 clients meens "the server uses a security certificate, which could not be

What is the best way to adopt multiple certs? Thanks.

At 09:09 AM 4/18/2016, you wrote: >On Mon, 18 Apr 2016, david wrote: > >>FOLLOWUP & REPORT >> >>I had lots of suggestions, and the most persuasive was to try >>OpenVPN. I already had a CA working, so issuing certificates was >>easy. The HOW-TO guides were less helpful than I could hope, but >>comparing several of them, applying common sense, and

> On 22/09/2020 21:00 PGNet Dev <pgnet.dev at gmail.com> wrote: > > > On 9/22/20 10:51 AM, Aki Tuomi wrote: > >>> > > > > Well, dovecot does not actually do any parsing for system-wide openssl.cnf. This sounds more like OpenSSL issue than dovecot issue. > > I've NO issue with that config/setting with any _other_ app -- whether in general

I followed the instructions here https://wiki.centos.org/HowTos/Https Checking port 80 I get the file... curl http://localhost/file.html <HTML> <FORM> Working </FORM> </HTML> Checking port 443 I get and error curl https://localhost/file.html curl: (60) Peer's certificate issuer has been marked as not trusted by the user. More details here:

I am told by yum localinstall that I need this for TinyCA2. When I search for it, it seems like it SHOULD be part of basic perl package, but it is hard to argue with yum on dependencies.....

Hello, I've a not really dovecot specific problem with my certificate. Since the OpenSSL documentation isn't what I expect to be at least good, I hope someone here can give me a hint how/where fo fix it; I've created a root-Certificate with almost untouched openssl.cnf and issued a server-certificate for dovecot. This cert and it's key I placed in somewhat like /var/dovecot.

Hello, the RPM ca-certificates-2018.2.22-65.1.el6.noarch has a big problem ... many certificates were removed - my proxy uses this as source and isn't able to validate correct any more - most sites show this: /[No Error] (TLS code: X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN) /Self-signed SSL Certificate in chain: /C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root

Remove the ca certificates. Signed-off-by: Wanlong Gao <gaowanlong at cn.fujitsu.com> --- sysprep/Makefile.am | 2 + sysprep/sysprep_operation_ca_certificates.ml | 62 ++++++++++++++++++++++++++ 2 files changed, 64 insertions(+) create mode 100644 sysprep/sysprep_operation_ca_certificates.ml diff --git a/sysprep/Makefile.am b/sysprep/Makefile.am index

Sometime in Feb, yum updated something to do with ca-bundle. I didn't notice at the time, but it put these two files on my machine: /etc/pki/tls/certs/ca-bundle.trust.crt.rpmnew and /etc/pki/tls/certs/ca-bundle.crt.rpmnew Both of those on the existing system are symbolic links ca-bundle.trust.crt -> /etc/pki/ca-trust/extracted/openssl/ca-bundle-trust.crt and ca-bundle.crt ->

Hi all, Can anybody inform me wether the "RedHat Certificate System" or actually a CentOS equivalent is available for CentOS. Just skimmed on a download site through the RPM's for 5.3 and I couldn't find it. According to their pressrelease, it the code should be gpl, allthough I can't find any rpm for RH, FC or Centos. It seems that this is one of the few CA-packages for

I have a remote server running centos 4.3 and a home desktop running suse 10.1. I have generated an SSL certificate on the server, copied it on the desktop and run on the desktop: >openssl x509 -in mynewcertCert.pem -fingerprint -subject -issuer -serial -hash -noout >c_rehash . getting this warning: > > Doing . > WARNING: mynewcertPrivateKey.pem does not contain a certificate or

> > No: /etc/pki/CA should NOT be group writeable. Ditto for > /etc/pki/tls/cernts and private Ok, yeah I can understand that. I'll correct it. Still need a way to get SSL enabled however. Any suggestions there? Thanks Tim On Thu, Mar 12, 2015 at 11:40 AM, <m.roth at 5-cent.us> wrote: > Tim Dunphy wrote: > >> > >> The mysqld process runs as the mysql

Dear All This is my continuation of postfix setup. Following link http://campworld.net/thewiki/pmwiki.php/LinuxServersCentOS/Cent6VirtMailServerfor postfix setup. At one stage it says, Configuring The Server Setup SSL Certificate Now generate an SSL certificate for postfix and dovecot to have TLS support. Replace mail.example.com with your server hostname. > genkey --days 3650

Perhaps this is an issue unique to installing from an RPM, but: % dovecot -n # 1.1.7: /etc/dovecot.conf # OS: Linux 2.6.27.7-134.fc10.i686 i686 Fedora release 10 (Cambridge) /etc/dovecot.conf says: ... ## ## SSL settings ## # IP or host address where to listen in for SSL connections. Defaults # to above if not specified. #ssl_listen = # Disable SSL/TLS support. #ssl_disable = no # PEM encoded

Hi, I recognised some funny behaviour on my server. IMAP clients which won't send an Server Name Indication (SNI) sometimes get the wrong certificate. I would expect that those clients always get the default certificate (of my new domain), instead in about 20 to 50% of connections the certificate of my old domain will be presented. (sample rate was 3 times 30 connections) Clients sending SNI