similar to: is a self signed certificate always invalid the first time?

On Wed, 9 Aug 2017 08:39:30 -0700 Gregory Sloop <gregs at sloop.net> wrote: > AV> So i?m using dovecot, and i created a self signed certificate > AV> with mkcert.sh based on dovecot-openssl.cnf. The name in there matches > AV> my mail server. > > AV> The first time it connects in mac mail however, it says the > AV> certificate is invalid and another

> On 10 August 2017, at 04:37, Alef Veld <alefveld at outlook.com> wrote: > > I completely agree (having said that I'm pretty new to all this so I might be full of it). > > You should run your own CA if you have an active financial interest in your company (say your the owner). No added benefit to have your certificate certified by a third party, why would they care

Thanks Ralph, i?ll look into that. I think let?s encrypt uses certbot though and it can?t do email certificates (although i?m sure i can convert the cert i get from let?s encrypt, i?ll look into it. > On 9 Aug 2017, at 16:40, Ralph Seichter <m16+dovecot at monksofcool.net> wrote: > > On 09.08.2017 17:20, Alef Veld wrote: > >> So i?m using dovecot, and i created a self

I completely agree (having said that I'm pretty new to all this so I might be full of it). You should run your own CA if you have an active financial interest in your company (say your the owner). No added benefit to have your certificate certified by a third party, why would they care about that one client). Ofcourse people would say "but ofcourse you would verify your own

SvK> On Wed, 9 Aug 2017 08:39:30 -0700 SvK> Gregory Sloop <gregs at sloop.net> wrote: >> AV> So i?m using dovecot, and i created a self signed certificate >> AV> with mkcert.sh based on dovecot-openssl.cnf. The name in there matches >> AV> my mail server. >> AV> The first time it connects in mac mail however, it says the >> AV>

Cheers Remko and Ralph. I think there was some mention in the lets encrypt FAQ that certbot doesn't do email. But I understand I can use their generated very for dovecot, postfix and https? That would be good indeed. Anyone know of any manual, or can I just replace the certs in the dovecot and postfix locations with theirs? Do dovecot, postfix and apache all support .pem format? Sent from

I can't see any security advantages of a self signed cert. If the keypair is generated locally (which it should) a certificate signed by an external CA can't be worse just by the additional signature of the external CA. Better security can only be gained if all users are urged to remove all preinstalled trusted CAs from their mail clients (which seems impractical). Else an attacker could

AV> So i?m using dovecot, and i created a self signed certificate AV> with mkcert.sh based on dovecot-openssl.cnf. The name in there matches my mail server. AV> The first time it connects in mac mail however, it says the AV> certificate is invalid and another server might pretend to be me etc. AV> I then have the option of trusting it. AV> Is this normal behaviour? Will it

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I've recently set up a Red Hat Enterprise Linux 4 WS server, and decided to try using Dovecot as my IMAP server, as I was impressed with the dedication to security that seems to be the core development goal. I'm really happy with it, but I can't get it to work with a self-signed cert. Normally, on a RHEL system, you just go into

I've just installed dovecot on my FC5 box. I tweaked the dovecot-openssl.cnf and attempted to recreate the cert but get the errors below. I see older postings about this problem on FC2. help? - e # ./mkcert.sh /etc/ssl/certs directory doesn't exist /etc/ssl/private directory doesn't exist error on line -1 of dovecot-openssl.cnf 2810:error:02001002:system library:fopen:No such

What is the best way to adopt multiple certs? Thanks.

-- Message 3 - Second Response -- Aki, I pasted all you requested to Pastebin.com https://pastebin.com/fVLD495y Thank you for your assistance, - Jacob -- Message 2 - Initial Response -- On 4/21/20 2:43 AM, Aki Tuomi wrote: > Can you show > > journalctl -xe > > and > > systemctl status dovecot-init > > and > > /var/log/messages > > Aki -- Message 1 -

Hello, Can someone point me to what I should do to install the missing files? I am trying to generate self-signed certificates using mkcert.sh but I get the following error: $ /usr/local/share/dovecot/mkcert.sh error on line -1 of ./dovecot-openssl.cnf} 6213:error:02001002:system library:fopen:No such file or

Perhaps this is an issue unique to installing from an RPM, but: % dovecot -n # 1.1.7: /etc/dovecot.conf # OS: Linux 2.6.27.7-134.fc10.i686 i686 Fedora release 10 (Cambridge) /etc/dovecot.conf says: ... ## ## SSL settings ## # IP or host address where to listen in for SSL connections. Defaults # to above if not specified. #ssl_listen = # Disable SSL/TLS support. #ssl_disable = no # PEM encoded

The sample dovecot-example.conf contains these lines: > # PEM encoded X.509 SSL/TLS certificate and private key. They're opened before > # dropping root privileges, so keep the key file unreadable by anyone but > # root. Included doc/mkcert.sh can be used to easily generate self-signed > # certificate, just make sure to update the domains in dovecot-openssl.cnf > #ssl_cert_file

When I install an SSL certificate, I can't find a config option to set configure the Server Certificate Chain file... Is this not possible or can I do it another way? (When I connect, I am being told the Signature status is uncheckable...) Regards, BTJ -- ----------------------------------------------------------------------------------------------- Bj?rn T Johansen btj at havleik.no

On Thu, 10 Aug 2017, Larry Rosenman wrote: > Which mail client on iOS? Sorry, maybe not iOS, but definitely MacOSX Mail app. Joseph Tam <jtam.home at gmail.com>

version: using dovecot 2.1.8 or 2.0.12 bug: installation - some files missed details: dovecot-openssl.cnf and mkcert.sh are not copied from the src/doc folder to the installation doc folder on installation (make install) both are referred to in the documentation and are useful. is there any chance of updating the build scripts to include these files? thanks, Tim

Hi, you definitely have a problem with the packages out of your own repo for version 2.3.0 and CentOS. And this is only if you do a clean install, meaning there was no lower dovecot version ever running on the system. If you want to 'systemctl start dovecot' it breaks with a dependency error which comes from dovecot-init.service. dovecot-init.service : [Unit] Description=One-time

hello trying to install dovecot 2 on a fresh installed machine I get this error message : doveconf -n > dovecot-new.conf doveconf: Error: ssl enabled, but ssl_cert not set doveconf: Fatal: Error in configuration file /usr/local/etc/dovecot/dovecot.conf: ssl enabled, but ssl_cert not set the ssl config file look like the following : Thanks for any info. ## ## SSL settings ## # SSL/TLS