[Dovecot] dovecot 2 in ubuntu 12.04 or Debian Squeeze

Noel Butler noel.butler at ausics.net
Tue Mar 19 08:54:07 EET 2013


On Mon, 2013-03-18 at 22:56 -0700, pvsuja wrote:


> Mar 19 09:33:16 mailspace dovecot: imap(suja): Invalid certificate: self
> signed certificate in certificate chain: /C=IN/ST=Karnataka/O=xxx/OU=YYY
> CA/CN=mailserver.domain.com/emailAddress=sysadm at domain.com
> Mar 19 09:33:16 mailspace dovecot: imap(suja): Error:



> ssl = required


to ensure things are working, change this to "no", if you can get mail
then, change it to "yes", dont absolute force until you have everything
fixed.


> ssl_ca = </usr/local/etc/dovecot/certs/cacert.pem
> ssl_cert = </usr/local/etc/dovecot/certs/public_cert.pem
> ssl_key = </usr/local/etc/dovecot/certs/private_key.pem



> 
> I guess my SSL certificate configuration is not done properly.


How did you generate this? is it really self signed, or is it a CA
signed (you can get free certs)

If it's CA signed, ensure you created it like this (the order *is*
important):
cat mail.crt sub.crt  ca.crt > dovecot.pem

*remove ssl_ca =  ....stuff*
ssl_cert_file = </path/to/dovecot.pem
ssl_key_file = </path/to/mail/mail.key


Been loooong time since I use self signed, but from memory

openssl req -x509 -days 999 -nodes -newkey rsa:2048 -keyout domain.key
-out domain.crt
(and IIRC tou need to ssl_ca = stuff)
dovecot wiki should have the correct format for self signed
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: This is a digitally signed message part
URL: <http://dovecot.org/pipermail/dovecot/attachments/20130319/1a719dc5/attachment.bin>


More information about the dovecot mailing list