similar to: HTTPS certificates (off topic)

I followed the instructions here https://wiki.centos.org/HowTos/Https Checking port 80 I get the file... curl http://localhost/file.html <HTML> <FORM> Working </FORM> </HTML> Checking port 443 I get and error curl https://localhost/file.html curl: (60) Peer's certificate issuer has been marked as not trusted by the user. More details here:

Hi all - I am trying to figure out how to add a wild card certificate given to me for a CentOS installation. I have a script that sets up HTTPS so I am a little familiar with things - but they provided me two files: name_ee.crt name_i1.crt I'm not sure how to apply that to the /etc/httpd/conf.d/ssl.conf file? Anyone done that before ? My initial searches were not helpful. Thanks, Jerry

On 03/05/18 06:34, Nicolas Kovacs wrote: > Le 05/03/2018 ? 13:30, Nux! a ?crit : >> You could probably just drop your CA cert in the filesystem and run a >> couple of commands to get it imported, rather than having to import >> the CA in the browsers individually. You could probably deliver it >> via yum/rpm or better yet, ansible or even some shell script. > > I

On 9/28/2016 5:46 PM, Jerry Geis wrote: > How do I get a valid certificate for a box that is behind a firewall and > does not have a DNS entry? > > I was looking at letsencrypt.org but currently it looks like a valid DNS > entry is needed, of which I don't have. > > There is nothing special about my setup, its just a box that is not > directly on the internet, no DNS

Hi, I'm trying to configure a Dovecot dsync service between two servers, using a tcp+ssl connection and a valid Let's Encrypt certificate. I followed the guide on the wiki (http://wiki.dovecot.org/Replication) using the tcps method, but when I launch the replication it fails writing on the log (/var/log/mail.err): (Server 1 - sync "client" )| Error: sync: Disconnected from

On Jun 15, 2016, at 7:57 AM, ????????? ???????? <nevis2us at infoline.su> wrote: > > Nowadays it's quite easy to get normal ssl certificates for free. E.g. > > http://www.startssl.com > http://buy.wosign.com/free Today, I would prefer Let?s Encrypt: https://letsencrypt.org/ It is philosophically aligned with the open source software world, rather than act as bait

A very ignorant question, sans doute. I get my certificates from cacert.org, to whom I am very grateful. I follow what I take to be the official procedure, first creating <server>.key and <server>.csr on my server and then getting <server>.crt by going to Server Certificate=>New at the cacert site. I then place the key certficate *.key in /etc/pki/tls/private/ and what I

On Thu, 14 Mar 2019 12:13:15 +0100 "Guido Goluke, MajorLabel via dovecot" <dovecot at dovecot.org> wrote: > Op 14-03-19 om 11:46 schreef mick crane via dovecot: > > Excuse dopey question. > > I'm not exactly clear about certificates. > > Apache2 default install has this snake oil certificate > > Can make a new one for apache > > Can make one

I'm setting up certbot/letsencrypt to provide a certificate for dovecot and sendmail. Is it necessary to restart dovecot to load the new certificate, as shown in most examples I find in blogs? That seems rude to established connections. When does dovecot read the cert and key files? Once at startup or each time a connection requests SSL? Is there a preferred locking protocol when changing

On Jun 15, 2016, at 9:02 AM, Valeri Galtsev <galtsev at kicp.uchicago.edu> wrote: > > I do see WoSign there (though I'd prefer to avoid my US located servers > have certificates signed by authority located in China, hence located sort > of behind "the great firewall of China" - call me superstitious). That?s a perfectly valid concern. The last I heard, modern

hi all, I have gone through the process of self signing certificates. Aside from the pop-ups about not trusted etc... everything appears to work. For "internal" applications what do people/places do? It would be nice to be seamless and have the "your not trusted" window pop-up. Yet this is not a public web site either. Just internal use. The server might be on the internet

Seems wrong to me too, Robert. If you put your private key inside your certificate, won't it be sent to the client along with it ? Bastian, are you using an old version of thunderbird ? googling for "SSL alert number 42" gave me two results indicating a bug in thunderbird versions 31,32 and 33. You can check these links if you wish : *

So this morning at 4am I was awoken to my mail clients getting certificate errors for an expired certificate. I hopped on to the server and checked and? no, the LE certs renewed last month and are valid until November. After some moments of confusion I noticed that dovecot had been running since before the renewal, so I did a quick service dovecot restart which fixed everything. Should dovecot

What is the best way to adopt multiple certs? Thanks.

Hi, I'm currently installing and configuring CentOS 7 on a public server. The machine will host a few small-to-midsize projects that are currently running on a handful of Slackware servers: public library databases, our public school's agenda, a small webradio, OwnCloud for myself and a local non-profit, etc. Until recently I've mostly used self-signed SSL certificates for stuff

Hi, I'm getting increasingly paranoid. Something I said on a certain social media site several months ago was modified - then reported - then by account was banned until I agreed to delete it. Obviously since what I said was modified I didn't have any issue with deleting it but I want more than just DKIM sigs on my e-mail now. Anyway looking for S/MIME I can use to sign and/or

Hi all, Ok, been wanting to do this for a while, and I after the Heartbleed fiasco, the boss finally agreed to let me buy some real certs... Until now, we've been using self-signed certs with the following dovecot config: ssl = required ssl_cert = </etc/ssl/ourCerts/imap.pem ssl_key = </etc/ssl/ourCerts/imap_key.pem Now, I've created new keys/certs and the CSR, got the new

I am getting myself confused, and need someone who fully understands this process to help me out a bot. I would like to obtain an ssl certificate, so I can run my own imap server on a machine in my office. My domain is hosted by networksolutions, but I don't run my imap server there. I am assuming I'll need to pay a CA to generate what I need, but I'm confused about what I

On Wed, Jun 15, 2016 at 10:02:57AM -0500, Valeri Galtsev wrote: > > On Wed, June 15, 2016 9:17 am, Warren Young wrote: > >> > >> Nowadays it's quite easy to get normal ssl certificates for free. E.g. > > > > Today, I would prefer Let???s Encrypt: > > > > https://letsencrypt.org/ > > > > It is philosophically aligned with the open

If you're using acme.sh: acme.sh --installcert -d imap.example.com \ ? --keypath /etc/pki/dovecot/private/imap.example.com.pem \ ? --certpath /etc/pki/dovecot/certs/imap.example.com.crt \ ? --fullchainpath /etc/pki/dovecot/certs/imap.example.com.full.chain.crt \ ? --reloadcmd??????????? "systemctl reload dovecot.service" HTH, Bill On 9/8/2017 9:56 AM, Darac Marjal wrote: >