From owner-freebsd-questions@FreeBSD.ORG Thu Oct 11 17:01:15 2007 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 8201516A46C for ; Thu, 11 Oct 2007 17:01:15 +0000 (UTC) (envelope-from kdk@daleco.biz) Received: from ezekiel.daleco.biz (southernuniform.com [66.76.92.18]) by mx1.freebsd.org (Postfix) with ESMTP id 3E41B13C48E for ; Thu, 11 Oct 2007 17:01:14 +0000 (UTC) (envelope-from kdk@daleco.biz) Received: from localhost (localhost [127.0.0.1]) by ezekiel.daleco.biz (8.13.8/8.13.8) with ESMTP id l9BH1D29059689; Thu, 11 Oct 2007 12:01:13 -0500 (CDT) (envelope-from kdk@daleco.biz) X-Virus-Scanned: amavisd-new at daleco.biz Received: from ezekiel.daleco.biz ([127.0.0.1]) by localhost (ezekiel.daleco.biz [127.0.0.1]) (amavisd-new, port 10024) with LMTP id G+tPkfmkXt1z; Thu, 11 Oct 2007 12:01:09 -0500 (CDT) Received: from archangel.daleco.biz (dsl.daleco.biz [209.125.108.70]) by ezekiel.daleco.biz (8.13.8/8.13.8) with ESMTP id l9BH18BY059676; Thu, 11 Oct 2007 12:01:08 -0500 (CDT) (envelope-from kdk@daleco.biz) Message-ID: <470E56CE.60307@daleco.biz> Date: Thu, 11 Oct 2007 12:01:02 -0500 From: Kevin Kinsey User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.8.1.2) Gecko/20070418 SeaMonkey/1.1.1 MIME-Version: 1.0 To: brad davison References: In-Reply-To: Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: "freebsd-questions@freebsd.org" Subject: Re: Installing Thawte Certificate on imap pop smtp X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 11 Oct 2007 17:01:15 -0000 brad davison wrote: > I currently have self-signed certificates on our mail server, but they are now expired. > > I have just received the CA-crt back from thawte. I have the webmail portion completed with installing the certificates, but I am having some issues with getting them installed on SMTP. > > I tried to put them in as the *.crt and *.key files, but sendmail didn't like that. > > The temporary certificates installed are: > define(`confCACERT_PATH', `/etc/mail/certs')dnl > define(`confCACERT', `/etc/mail/certs/mycert.pem')dnl > define(`confSERVER_CERT', `/etc/mail/certs/mycert.pem')dnl > define(`confSERVER_KEY', `/etc/mail/certs/mykey.pem')dnl > define(`confCLIENT_CERT', `/etc/mail/certs/mycert.pem')dnl > define(`confCLIENT_KEY', `/etc/mail/certs/mykey.pem')dnl > > and the certs i have generated and sent to thawte are: > > mail.server.name.crt (signed from thawte) > mail.server.name.csr (what I generated and sent to them) > mail.server.name.key > > Any help on how to get this converted from the files i have to *.pem files would be much appreciated! > > (our temporary certificates are now expired and I have to get these installed ASAP) > > THANKS! Maybe you already got this solved? Mebbe `openssl x509 -inform der -in MYCERT.crt -out MYCERT.pem` ? IANAE, so I'd use make sure I had a backup copy of your *crt. HTH, Kevin Kinsey -- Most people have a mind that's open by appointment only.