FC2: Dovecot, Unable to produce self signed SSL certificate
David Keen
zen46443 at zen.co.uk
Wed Jun 23 18:26:45 UTC 2004
On Wed, 2004-06-23 at 13:51, Tony Ransom wrote:
> I've been trying for a couple of days to produce a self signed
> certificate for Dovecot. (I never had any problem with UW-imap)
>
> Using the provided mkcert.sh, I found the following problems:
>
> 1. The SSLDIR variable was incorrect. Got the error message -
>
> /etc/ssl/certs directory doesn't exist
> /etc/ssl/private directory doesn't exist.
>
> I changed this to point to /usr/share/ssl
Yep.
> 2. When I ran the script again, it complained:
>
> /usr/share/ssl/certs/imapd.pem already exists, won't overwrite.
>
> Why imapd.pem, when there is a dovecot.pem file?
>
> 3. I commented out the checks in the script file that look for
> existing dovecot.pem files. It ran further this time. I got:
>
>
> Generating a 1024 bit RSA private key
> .......................................++++++
> .........++++++
> writing new private key to '/usr/share/ssl/private/imapd.pem'
> -----
>
> subject= /OU=IMAP POP server/CN=server.aeran.info/emailAddress=admin at aeran.info
> MD5 Fingerprint=4A:6C:7C:9F:E7:BD:38:04:3F:81:1D:69:DE:17:9B:DA
>
> Note it wrote 'imapd.pem' not 'dovecot.pem' as I would have expected.
>
> It didn't write dovecot.pem into /usr/share/ssl/certs
>
> Dovecot won't start if the .pem files are not correct. You get:
>
> Jun 23 21:39:39 server imap-login: Can't load private key file /usr/share/ssl/private/dovecot.pem: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch
>
> What is going on here??
>
> Why two certificates? Should they be imapd.pem or dovecot.pem?
>
> I've done a lot of googling, and looking in the dovecot lists, trying
> to find an answer. No luck.
>
> Could someone please look into this?
I also had to modify the following in my mkcert.sh:
CERTFILE=$SSLDIR/certs/dovecot.pem
KEYFILE=$SSLDIR/private/dovecot.pem
--
David Keen
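
The "key values mismatch" error quoted above means the certificate and the private key that were loaded do not belong to the same key pair. The following is an added example, not part of the thread or of mkcert.sh: it compares the public key stored in a certificate with the one derived from a key file. The function names and the throwaway test pairs are constructed for illustration, and it assumes an unencrypted key and the `openssl` command-line tool.

```shell
#!/bin/sh
# Added example: confirm that a PEM certificate and PEM private key are a pair.
# Returns 0 on match, 1 on mismatch, 2 if either file cannot be parsed.
cert_key_match() {
    cert=$1; key=$2
    # Public key as stored in the certificate.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 2
    # Public key derived from the private key. "-passin pass:" makes an
    # encrypted key fail here instead of prompting (assumes an unencrypted key).
    key_pub=$(openssl pkey -in "$key" -passin pass: -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# Constructed sample data: a throwaway self-signed pair named $2 in directory $1.
make_pair() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=$2.example.invalid" \
        -keyout "$1/$2.key" -out "$1/$2.crt" >/dev/null 2>&1
}

# Checks a matching pair, then the same certificate against the wrong key.
demo() {
    d=$(mktemp -d) || return 2
    if ! { make_pair "$d" a && make_pair "$d" b; }; then rm -rf "$d"; return 2; fi
    if cert_key_match "$d/a.crt" "$d/a.key"; then r1=match; else r1=mismatch; fi
    if cert_key_match "$d/a.crt" "$d/b.key"; then r2=match; else r2=mismatch; fi
    rm -rf "$d"
    echo "$r1 $r2"
}

if [ "$#" -eq 2 ]; then
    # Usage: script CERTFILE KEYFILE
    if cert_key_match "$1" "$2"; then echo "certificate and key match"
    else echo "certificate and key do NOT match (or could not be read)"; fi
else
    demo    # prints: match mismatch
fi
```

Run with the two paths assigned to CERTFILE and KEYFILE in mkcert.sh as arguments to check the files the daemon will actually load.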