From owner-freebsd-questions@FreeBSD.ORG Mon Sep 10 20:27:39 2007 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 7566D16A419 for ; Mon, 10 Sep 2007 20:27:39 +0000 (UTC) (envelope-from demonichandextensions@hotmail.com) Received: from bay0-omc2-s31.bay0.hotmail.com (bay0-omc2-s31.bay0.hotmail.com [65.54.246.167]) by mx1.freebsd.org (Postfix) with ESMTP id 4A6A213C442 for ; Mon, 10 Sep 2007 20:27:39 +0000 (UTC) (envelope-from demonichandextensions@hotmail.com) Received: from hotmail.com ([10.6.19.93]) by bay0-omc2-s31.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.3959); Mon, 10 Sep 2007 13:27:38 -0700 Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC; Mon, 10 Sep 2007 13:27:38 -0700 Message-ID: Received: from 67.59.9.34 by bl116fd.blu116.hotmail.msn.com with HTTP; Mon, 10 Sep 2007 20:27:37 GMT X-Originating-IP: [67.59.9.34] X-Originating-Email: [demonichandextensions@hotmail.com] X-Sender: demonichandextensions@hotmail.com In-Reply-To: <20070910212042.13x6fox85c88gckc@zeus.arrishq.net> From: "brad davison" To: freebsd-questions@freebsd.org Date: Mon, 10 Sep 2007 20:27:37 +0000 Mime-Version: 1.0 Content-Type: text/plain; format=flowed X-OriginalArrivalTime: 10 Sep 2007 20:27:38.0486 (UTC) FILETIME=[07AA0160:01C7F3E9] Subject: Re: imap-uw / cclient SSL cert question X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 10 Sep 2007 20:27:39 -0000 Worked like a charm! Thanks! (the self-signed thing is OK.. but there was no way I was going to show it to the VP with the 'Domain Name Mismatch' error.) >From: Tommy Scheunemann >To: brad davison >Subject: Re: imap-uw / cclient SSL cert question >Date: Mon, 10 Sep 2007 21:20:42 +0200 > >You can copy: > >/usr/ports/mail/imap-uw/files/imapd-uw.cnf > >to a temporary directory like /tmp and edit the .cnf file to match your >needs. Your problem is the host line: > >1.commonName_value = localhost > >change the "localhost" string to match your host. Then run: > >openssl req -new -x509 -days 365 -nodes -config /tmp/imap-uw.cnf >-out /usr/local/certs/imapd.pem -keyout /usr/local/certs/imapd.pem > >Replace /tmp with the temporary directory you used. Then: > >openssl x509 -subject -dates -fingerprint -noout -in >/usr/local/certs/imapd.pem >chmod 700 /usr/local/certs/imapd.pem >ln -s /usr/local/certs/imapd.pem /usr/local/certs/ipop3d.pem > >Please note that client will still complain about a "self-signed" >certificate. > >Good luck > >On Mon, 10 Sep 2007 brad davison >babbled: > >>I had installed imap-uw port >># cd /usr/ports/mail/imap-uw >># make -DWITH_SSL_AND_PLAINTEXT install >> >>then i create a certificate with >> >># make cert >>Generating a 1024 bit RSA private key >>................++++++ >>........++++++ >>writing new private key to '/usr/local/certs/imapd.pem' >>----- >>You are about to be asked to enter information that will be incorporated >>into your certificate request. >>What you are about to enter is what is called a Distinguished Name or a >>DN. >>There are quite a few fields but you can leave some blank >>For some fields there will be a default value, >>If you enter '.', the field will be left blank. >>----- >>Country Name (2 letter code) [NO]:us >>State or Province Name (full name) [Some-State]:XXXX >>Locality Name (eg, city) []:XXXX >>Organization Name (eg, company) [FooBar Inc.]:XXXX >>Organizational Unit Name (eg, section) []:XXXX >>Common Name (FQDN of your server) []:[FQDN of our server] >> >>Common Name (default) []:localhost >> >>subject= /C=us/ST=XXXX/L=XXXX/O=XXXX/OU=XXXX/CN=[FQDN]/CN=localhost >>notBefore=Sep 10 16:15:54 2007 GMT >>notAfter=Sep 9 16:15:54 2008 GMT >> >> >>The field Common Name (default) which is localhost is automatically put >>in there. >> >>When you connect to the mail server with SSL turned on, you examine the >>cert, and the CN is coming up as Localhost, not the name of our server. >> >>Is there a way to generate one that wont cause the Domain Name Mismatch >>error? >> >>I am very new to SSL, so any help or direction on this issue would be >>most appreciated. >> >>Thanks! >> >>Brad >> >>_________________________________________________________________ >>Get a FREE small business Web site and more from Microsoft® Office Live! >>http://clk.atdmt.com/MRT/go/aub0930003811mrt/direct/01/ >> >>_______________________________________________ >>freebsd-questions@freebsd.org mailing list >>http://lists.freebsd.org/mailman/listinfo/freebsd-questions >>To unsubscribe, send any mail to >>"freebsd-questions-unsubscribe@freebsd.org" > > > >-- >Life is like a Gladiators fight. First you drink together, then you fight >each >other. > >-- Lucius Annaeus Seneca (On Anger) - 41 AD > _________________________________________________________________ Test your celebrity IQ.  Play Red Carpet Reveal and earn great prizes! http://club.live.com/red_carpet_reveal.aspx?icid=redcarpet_hotmailtextlink2