Gentoo Forums
did i create my dovecot ssl certs wrong?
methodtwo
Apprentice


Joined: 01 Feb 2008
Posts: 231

Posted: Thu Jan 26, 2012 9:20 pm    Post subject: did i create my dovecot ssl certs wrong?

Hi there
I have my servers behind a single IP (my router's external IP). I want to be able to get mail from dovecot, via imaps, from my internal LAN and from the Internet. So far I've only used dovecot from the LAN.
I'm just wondering about how to test if the dovecot.pem keyfile and dovecot.pem cert file were created correctly on my imaps server? When I connect to my dovecot imaps server, mutt always asks me if I want to accept the certificate (every time I connect... even though I've opted for (a)lways accept on all previous connection attempts).
Another issue is that I was thinking that I might have put the incorrect canonical name when I used mkcert.sh to create the cert/keyfiles. Bearing in mind that there is no MX record in DNS for the mail server (both my servers will be accessed using a name that is associated with my router's external IP), the imaps server should have just this domainname as the canonical name when the cert/key is created, right? I think the cert was created using the full hostname+domainname. I have a webserver and a mail server and the domainname associated with my router's external IP is the full name of the web server (hostname+domainname). So the canonical name I used when creating the cert/key, for my mail server, I think, was mailserver.webserver.domain.org. I understand that this might be wrong if mail is to be accessed from the LAN and the net, right?
How do I see if the name in the cert/key is what mutt expects with the openssl command-line tools? The cert/key needs to be regenerated using mkcert.sh and the canonical name set to just domainname (router's external IP)? (I'm OK with a self-signed cert/key.)
Thank you very much for your time


Last edited by methodtwo on Fri Jan 27, 2012 11:38 am; edited 1 time in total
methodtwo
Apprentice


Joined: 01 Feb 2008
Posts: 231

Posted: Fri Jan 27, 2012 9:36 am

Seriously, self-signed certs are fine for my purpose and I want to stick with mutt as the MUA on the clients. Also, when using dovecot for IMAPS, if you want to have authentication of clients, do you have to set up a CA to issue your clients with certs? (If you don't want to generate a CSR and go to an official CA.)
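
One way to run the checks asked about in the first post with the openssl command-line tools, as an added example that is not part of the original thread: it prints the name in a certificate, tests it against the host name a client connects to, and confirms that the key file belongs to the certificate. The host names are the ones described in the post, used here as sample values, the certificate is a throwaway generated in a temporary directory, and `-checkhost` assumes OpenSSL 1.0.2 or later.

```shell
#!/usr/bin/env bash
# Added example. Host names are those described in the post, used as sample
# values; the certificate is a throwaway self-signed one in a temp directory.

# Create a self-signed cert/key pair. $1 = CN, $2 = cert file, $3 = key file
make_demo_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=$1" -out "$2" -keyout "$3" 2>/dev/null
}

# Print the subject line (it contains the CN) of a PEM certificate.
cert_subject() {
    openssl x509 -in "$1" -noout -subject
}

# Succeed only if certificate $1 is valid for host name $2.
cert_matches_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match certificate'
}

# Succeed only if private key $2 belongs to certificate $1
# (the public key in the cert equals the one derived from the key).
key_matches_cert() {
    [ "$(openssl x509 -in "$1" -noout -pubkey)" = "$(openssl pkey -in "$2" -pubout)" ]
}

demo() {
    local d; d=$(mktemp -d) || return 1
    make_demo_cert mailserver.webserver.domain.org "$d/cert.pem" "$d/key.pem"
    cert_subject "$d/cert.pem"
    # Compare the cert against each name a client might connect with.
    for h in mailserver.webserver.domain.org webserver.domain.org; do
        if cert_matches_host "$d/cert.pem" "$h"; then echo "$h: name matches"
        else echo "$h: name does NOT match"; fi
    done
    key_matches_cert "$d/cert.pem" "$d/key.pem" && echo "key belongs to cert"
    rm -rf "$d"
}
demo
```

To check an existing pair, pass the paths of the cert and key files that mkcert.sh wrote instead of the temporary ones.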
All times are GMT