Displaying 20 results from an estimated 10000 matches similar to: "is a self signed certificate always invalid the first time?"
2017 Aug 10
8
is a self signed certificate always invalid the first time?
On Wed, 9 Aug 2017 08:39:30 -0700
Gregory Sloop <gregs at sloop.net> wrote:
> AV> So i'm using dovecot, and i created a self signed certificate
> AV> with mkcert.sh based on dovecot-openssl.cnf. The name in there matches
> AV> my mail server.  
> 
> AV> The first time it connects in mac mail however, it says the
> AV> certificate is invalid and another
2017 Aug 10
4
is a self signed certificate always invalid the first time?
> On 10 August 2017, at 04:37, Alef Veld <alefveld at outlook.com> wrote:
> 
> I completely agree (having said that I'm pretty new to all this so I might be full of it). 
> 
> You should run your own CA if you have an active financial interest in your company (say you're the owner). No added benefit to have your certificate certified by a third party, why would they care
2017 Aug 09
3
is a self signed certificate always invalid the first time?
Thanks Ralph, i'll look into that.
I think let's encrypt uses certbot though and it can't do email certificates (although i'm sure i can convert the cert i get from let's encrypt, i'll look into it.
> On 9 Aug 2017, at 16:40, Ralph Seichter <m16+dovecot at monksofcool.net> wrote:
> 
> On 09.08.2017 17:20, Alef Veld wrote:
> 
>> So i'm using dovecot, and i created a self
2017 Aug 10
0
is a self signed certificate always invalid the first time?
I completely agree (having said that I'm pretty new to all this so I might be full of it). 
You should run your own CA if you have an active financial interest in your company (say you're the owner). No added benefit to have your certificate certified by a third party, why would they care about that one client). Of course people would say "but of course you would verify your own
2017 Aug 10
0
is a self signed certificate always invalid the first time?
SvK> On Wed, 9 Aug 2017 08:39:30 -0700
SvK> Gregory Sloop <gregs at sloop.net> wrote:
>> AV> So i'm using dovecot, and i created a self signed certificate
>> AV> with mkcert.sh based on dovecot-openssl.cnf. The name in there matches
>> AV> my mail server.  
>> AV> The first time it connects in mac mail however, it says the
>> AV>
2017 Aug 10
0
is a self signed certificate always invalid the first time?
I can't see any security advantages of a self signed cert. If the keypair is generated locally (which it should) a certificate signed by an external CA can't be worse just by the additional signature of the external CA.
Better security can only be gained if all users are urged to remove all preinstalled trusted CAs from their mail clients (which seems impractical). Else an attacker could
2017 Aug 09
4
is a self signed certificate always invalid the first time?
Cheers Remko and Ralph. I think there was some mention in the lets encrypt FAQ that certbot doesn't do email.
But I understand I can use their generated very for dovecot, postfix and https? That would be good indeed.
Anyone know of any manual, or can I just replace the certs in the dovecot and postfix locations with theirs? Do dovecot, postfix and apache all support .pem format?
Sent from
2017 Aug 09
0
is a self signed certificate always invalid the first time?
AV> So i'm using dovecot, and i created a self signed certificate
AV> with mkcert.sh based on dovecot-openssl.cnf. The name in there matches my mail server.
AV> The first time it connects in mac mail however, it says the
AV> certificate is invalid and another server might pretend to be me etc.
AV> I then have the option of trusting it.
AV> Is this normal behaviour? Will it
2005 Feb 22
1
Problems with Dovecot and self-signed cert
I've recently set up a Red Hat Enterprise Linux 4 WS server, and decided
to try using Dovecot as my IMAP server, as I was impressed with the
dedication to security that seems to be the core development goal.  I'm
really happy with it, but I can't get it to work with a self-signed cert.
Normally, on a RHEL system, you just go into
2006 Jun 07
2
mkcert.sh broken
I've just installed dovecot on my FC5 box.  I tweaked the
dovecot-openssl.cnf and attempted to recreate the cert but get the errors
below.  I see older postings about this problem on FC2.  help?
- e
# ./mkcert.sh 
/etc/ssl/certs directory doesn't exist
/etc/ssl/private directory doesn't exist
error on line -1 of dovecot-openssl.cnf
2810:error:02001002:system library:fopen:No such
2007 Feb 24
1
openssl mkcert problem
Hello,
Can someone point me to what I should do to install the missing files? I
am trying to generate self-signed certificates using mkcert.sh but I get
the following error:
$ /usr/local/share/dovecot/mkcert.sh                                      
error on line -1 of ./dovecot-openssl.cnf}
6213:error:02001002:system library:fopen:No such file or
2020 Apr 21
2
Dovecot 2.3.10 fails to start due to missing dependency
-- Message 3 - Second Response --
Aki,
I pasted all you requested to Pastebin.com
https://pastebin.com/fVLD495y
Thank you for your assistance,
- Jacob
-- Message 2 - Initial Response --
On 4/21/20 2:43 AM, Aki Tuomi wrote:
> Can you show
>
> journalctl -xe
>
> and
>
> systemctl status dovecot-init
>
> and
>
> /var/log/messages
>
> Aki
-- Message 1 -
2008 Dec 24
1
/etc/dovecot.conf says mkcert.sh is in doc/mkcert.sh but instead it is in /usr/libexec/dovecot/mkcert.sh
Perhaps this is an issue unique to installing from an RPM, but:
% dovecot -n
# 1.1.7: /etc/dovecot.conf
# OS: Linux 2.6.27.7-134.fc10.i686 i686 Fedora release 10 (Cambridge)
/etc/dovecot.conf says:
...
##
## SSL settings
##
# IP or host address where to listen in for SSL connections. Defaults
# to above if not specified.
#ssl_listen =
# Disable SSL/TLS support.
#ssl_disable = no
# PEM encoded
2005 Mar 09
1
Minor documentation bug with 0.99.14
The sample dovecot-example.conf contains these lines:
> # PEM encoded X.509 SSL/TLS certificate and private key. They're opened before
> # dropping root privileges, so keep the key file unreadable by anyone but
> # root. Included doc/mkcert.sh can be used to easily generate self-signed
> # certificate, just make sure to update the domains in dovecot-openssl.cnf
> #ssl_cert_file
2016 Jun 15
8
https and self signed
I followed the instructions here https://wiki.centos.org/HowTos/Https
Checking port 80 I get the file...
curl http://localhost/file.html
<HTML>
<FORM>
Working
</FORM>
</HTML>
Checking port 443 I get an error
curl https://localhost/file.html
curl: (60) Peer's certificate issuer has been marked as not trusted by the
user.
More details here:
2019 Sep 07
4
Multiple certificate option
What is the best way to adopt multiple certs? 
Thanks.
2012 Jul 04
3
files missed from install
version: using dovecot 2.1.8 or 2.0.12
bug: installation - some files missed
details:  dovecot-openssl.cnf and mkcert.sh are not copied from the 
src/doc folder to the installation doc folder on installation (make install)
both are referred to in the documentation and are useful.
is there any chance of updating the build scripts to include these files?
thanks,
Tim
2006 Mar 08
2
self-signed certificates
Hallo,
i'm having troubles installing self-signed certificates for dovecot.
After installing, dovecot generates a key and cert. But he is using the 
wrong common name (where does dovecot get this name from?). I tried 
deleting them and installing a handcrafted cert with this:
openssl genrsa -out mail.key 2048
openssl req -new -key mail.key -out mail.csr
openssl x509 -req -days 4312 -in
2008 Jan 30
2
SSL certificate?
When I install an SSL certificate, I can't find a config option to set configure the Server Certificate Chain
file...
Is this not possible or can I do it another way?
(When I connect, I am being told the Signature status is uncheckable...)
Regards,
BTJ
-- 
-----------------------------------------------------------------------------------------------
Bj?rn T Johansen
btj at havleik.no
2017 Sep 26
2
Dovecot and Self-signed issue
Hello Micheal,
this reminds me of something, that I experienced in the past. Why would 
the server! complain "Unknown CA"? To test inspect the communication 
with wireshark and look if the client sends a cert; or:
$ echo "a001 LOGOUT" | openssl s_client -msg -connect your.server:993
and grep for "CertificateRequest".
Do you have a certificate configured in your