Date: Mon, 10 Sep 2007 20:27:37 +0000
From: "brad davison" <demonichandextensions@hotmail.com>
To: freebsd-questions@freebsd.org
Subject: Re: imap-uw / cclient SSL cert question
Message-ID: <BLU116-F132C0961B7F0507EA40788A1C00@phx.gbl>
In-Reply-To: <20070910212042.13x6fox85c88gckc@zeus.arrishq.net>

Worked like a charm! Thanks!

(the self-signed thing is OK.. but there was no way I was going to show it
to the VP with the 'Domain Name Mismatch' error.)

>From: Tommy Scheunemann <net@mail.arrishq.net>
>To: brad davison <demonichandextensions@hotmail.com>
>Subject: Re: imap-uw / cclient SSL cert question
>Date: Mon, 10 Sep 2007 21:20:42 +0200
>
>You can copy:
>
>/usr/ports/mail/imap-uw/files/imapd-uw.cnf
>
>to a temporary directory like /tmp and edit the .cnf file to match your
>needs. Your problem is the host line:
>
>1.commonName_value = localhost
>
>change the "localhost" string to match your host. Then run:
>
>openssl req -new -x509 -days 365 -nodes -config /tmp/imapd-uw.cnf \
>    -out /usr/local/certs/imapd.pem -keyout /usr/local/certs/imapd.pem
>
>Replace /tmp with the temporary directory you used. Then:
>
>openssl x509 -subject -dates -fingerprint -noout \
>    -in /usr/local/certs/imapd.pem
>chmod 700 /usr/local/certs/imapd.pem
>ln -s /usr/local/certs/imapd.pem /usr/local/certs/ipop3d.pem
>
>Please note that the client will still complain about a "self-signed"
>certificate.
>
>Good luck
>
>On Mon, 10 Sep 2007 brad davison <demonichandextensions@hotmail.com>
>babbled:
>
>>I had installed imap-uw port
>># cd /usr/ports/mail/imap-uw
>># make -DWITH_SSL_AND_PLAINTEXT install
>>
>>then I create a certificate with
>>
>># make cert
>>Generating a 1024 bit RSA private key
>>................++++++
>>........++++++
>>writing new private key to '/usr/local/certs/imapd.pem'
>>-----
>>You are about to be asked to enter information that will be incorporated
>>into your certificate request.
>>What you are about to enter is what is called a Distinguished Name or a
>>DN.
>>There are quite a few fields but you can leave some blank
>>For some fields there will be a default value,
>>If you enter '.', the field will be left blank.
>>-----
>>Country Name (2 letter code) [NO]:us
>>State or Province Name (full name) [Some-State]:XXXX
>>Locality Name (eg, city) []:XXXX
>>Organization Name (eg, company) [FooBar Inc.]:XXXX
>>Organizational Unit Name (eg, section) []:XXXX
>>Common Name (FQDN of your server) []:[FQDN of our server]
>>
>>Common Name (default) []:localhost
>>
>>subject= /C=us/ST=XXXX/L=XXXX/O=XXXX/OU=XXXX/CN=[FQDN]/CN=localhost
>>notBefore=Sep 10 16:15:54 2007 GMT
>>notAfter=Sep 9 16:15:54 2008 GMT
>>
>>
>>The field Common Name (default) which is localhost is automatically put
>>in there.
>>
>>When you connect to the mail server with SSL turned on, you examine the
>>cert, and the CN is coming up as Localhost, not the name of our server.
>>
>>Is there a way to generate one that won't cause the Domain Name Mismatch
>>error?
>>
>>I am very new to SSL, so any help or direction on this issue would be
>>most appreciated.
>>
>>Thanks!
>>
>>Brad
>
>--
>Life is like a Gladiators fight. First you drink together, then you fight
>each other.
>
>-- Lucius Annaeus Seneca (On Anger) - 41 AD
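
A check for the mismatch discussed in this thread, as an added example that is not part of the original messages or of the imap-uw port: it lists every subject CN in a certificate and fails if any of them differs from the host name clients connect to, which is the `CN=[FQDN]/CN=localhost` situation shown above. The function names and the host `mail.example.org` are assumptions made for illustration; the `openssl` command-line tool must be installed.

```shell
#!/bin/sh
# Added example: function names are hypothetical, not from imap-uw or its port.

# Print every subject commonName of a PEM certificate, one per line.
cert_cns() {
    openssl x509 -noout -subject -nameopt multiline -in "$1" |
        sed -n 's/^ *commonName *= *//p'
}

# Succeed only if the certificate has a CN and every CN equals the host
# name clients connect to. Returns 1 on mismatch, 2 if no CN is present.
check_cert_host() {
    cns=$(cert_cns "$1")
    [ -n "$cns" ] || { echo "$1: no commonName in subject" >&2; return 2; }
    # Keep the CNs that are NOT an exact, case-insensitive match for the host.
    bad=$(printf '%s\n' "$cns" | grep -vixF -- "$2" || true)
    [ -z "$bad" ] && return 0
    echo "$1: subject CN(s) that do not match $2:" >&2
    printf '%s\n' "$bad" | sed 's/^/  /' >&2
    return 1
}

# Build a throwaway self-signed certificate for trying the check.
# $1 = scratch directory, remaining arguments = CN values (constructed data).
make_test_cert() {
    dir=$1; shift
    {
        printf '[ req ]\ndistinguished_name = dn\nprompt = no\n[ dn ]\n'
        i=0
        for cn in "$@"; do
            printf '%d.commonName = %s\n' "$i" "$cn"
            i=$((i + 1))
        done
    } > "$dir/req.cnf"
    openssl req -new -x509 -days 365 -nodes -newkey rsa:2048 \
        -config "$dir/req.cnf" -keyout "$dir/key.pem" \
        -out "$dir/cert.pem" 2>/dev/null
}

# Usage: sh check_cn.sh /usr/local/certs/imapd.pem mail.example.org
if [ $# -eq 2 ]; then
    check_cert_host "$1" "$2"
fi
```

Running it against the regenerated `/usr/local/certs/imapd.pem` before pointing clients at the server confirms that the extra `localhost` CN is gone.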