imap-uw / cclient SSL cert question
brad davison
demonichandextensions at hotmail.com
Mon Sep 10 13:27:39 PDT 2007
Worked like a charm!
Thanks!
(the self-signed thing is OK.. but there was no way I was going to show it
to the VP with the 'Domain Name Mismatch' error.)
>From: Tommy Scheunemann <net at mail.arrishq.net>
>To: brad davison <demonichandextensions at hotmail.com>
>Subject: Re: imap-uw / cclient SSL cert question
>Date: Mon, 10 Sep 2007 21:20:42 +0200
>
>You can copy:
>
>/usr/ports/mail/imap-uw/files/imapd-uw.cnf
>
>to a temporary directory like /tmp and edit the .cnf file to match your
>needs. Your problem is the host line:
>
>1.commonName_value = localhost
>
>change the "localhost" string to match your host. Then run:
>
>openssl req -new -x509 -days 365 -nodes -config /tmp/imap-uw.cnf
>-out /usr/local/certs/imapd.pem -keyout /usr/local/certs/imapd.pem
>
>Replace /tmp with the temporary directory you used. Then:
>
>openssl x509 -subject -dates -fingerprint -noout -in
>/usr/local/certs/imapd.pem
>chmod 700 /usr/local/certs/imapd.pem
>ln -s /usr/local/certs/imapd.pem /usr/local/certs/ipop3d.pem
>
>Please note that client will still complain about a "self-signed"
>certificate.
>
>Good luck
>
>On Mon, 10 Sep 2007 brad davison <demonichandextensions at hotmail.com>
>babbled:
>
>>I had installed imap-uw port
>># cd /usr/ports/mail/imap-uw
>># make -DWITH_SSL_AND_PLAINTEXT install
>>
>>then i create a certificate with
>>
>># make cert
>>Generating a 1024 bit RSA private key
>>................++++++
>>........++++++
>>writing new private key to '/usr/local/certs/imapd.pem'
>>-----
>>You are about to be asked to enter information that will be incorporated
>>into your certificate request.
>>What you are about to enter is what is called a Distinguished Name or a
>>DN.
>>There are quite a few fields but you can leave some blank
>>For some fields there will be a default value,
>>If you enter '.', the field will be left blank.
>>-----
>>Country Name (2 letter code) [NO]:us
>>State or Province Name (full name) [Some-State]:XXXX
>>Locality Name (eg, city) []:XXXX
>>Organization Name (eg, company) [FooBar Inc.]:XXXX
>>Organizational Unit Name (eg, section) []:XXXX
>>Common Name (FQDN of your server) []:[FQDN of our server]
>>
>>Common Name (default) []:localhost
>>
>>subject= /C=us/ST=XXXX/L=XXXX/O=XXXX/OU=XXXX/CN=[FQDN]/CN=localhost
>>notBefore=Sep 10 16:15:54 2007 GMT
>>notAfter=Sep 9 16:15:54 2008 GMT
>>
>>
>>The field Common Name (default) which is localhost is automatically put
>>in there.
>>
>>When you connect to the mail server with SSL turned on, you examine the
>>cert, and the CN is coming up as Localhost, not the name of our server.
>>
>>Is there a way to generate one that wont cause the Domain Name Mismatch
>>error?
>>
>>I am very new to SSL, so any help or direction on this issue would be
>>most appreciated.
>>
>>Thanks!
>>
>>Brad
>>
>>_________________________________________________________________
>>Get a FREE small business Web site and more from Microsoft® Office Live!
>>http://clk.atdmt.com/MRT/go/aub0930003811mrt/direct/01/
>>
>>_______________________________________________
>>freebsd-questions at freebsd.org mailing list
>>http://lists.freebsd.org/mailman/listinfo/freebsd-questions
>>To unsubscribe, send any mail to
>>"freebsd-questions-unsubscribe at freebsd.org"
>
>
>
>--
>Life is like a Gladiators fight. First you drink together, then you fight
>each
>other.
>
>-- Lucius Annaeus Seneca (On Anger) - 41 AD
>
_________________________________________________________________
Test your celebrity IQ. Play Red Carpet Reveal and earn great prizes!
http://club.live.com/red_carpet_reveal.aspx?icid=redcarpet_hotmailtextlink2
More information about the freebsd-questions
mailing list