[debian-lan-devel] Installation report
Julien Lambot
jlambot at gmail.com
Mon May 6 00:11:12 UTC 2013
>
> This will work a lot better:
> ssl_cert = </etc/dovecot/private/dovecot.pem
> ssl_key = </etc/dovecot/private/dovecot.pem
>
> The private/ directory path was missing
>
Sorry for the noise on the list. It seems that none of the solutions I
proposed was good. The CA cert for dovecot is not the right one.
Is this a known error? It seems there is no script for dovecot
certificates yet.
I made a quick fix with
ssl_cert = </etc/dovecot/private/dovecot.crt
ssl_key = </etc/dovecot/private/dovecot.key
and the following script, based on ./scripts/MAIL_SERVER/30-certs:

./scripts/MAIL_SERVER/31-certs
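#!/bin/bash
#
# Create a self-signed certificate for dovecot and switch on TLS.
#
# $target (root of the system being installed) and $ROOTCMD (run a command
# inside it) are provided by the installer environment.

## Create certificate:
DIR=/etc/dovecot/private
CERT=$DIR/dovecot.crt
KEY=$DIR/dovecot.key
# valid for ten years:
DAYS=3650

if [ -f "$target/$CERT" ] && [ -f "$target/$KEY" ]; then
    echo "$CERT and $KEY exist, exiting!"
    exit 0
fi

# Reserve a temporary name (mktemp replaces the deprecated tempfile). The
# config itself is written below $target so that openssl can read it from
# inside the target system.
SSLEAY="$(mktemp /tmp/exiXXXXXX)"

# Key size is 2048 bits: 1024-bit RSA is below the minimum that OpenSSL
# accepts at security level 2.
cat > "$target/$SSLEAY" <<EOF
RANDOM=/dev/random
[ req ]
default_bits = 2048
default_keyfile = dovecot.key
distinguished_name = req_distinguished_name
x509_extensions = v3_req
prompt = no
[ req_distinguished_name ]
O = Debian-LAN IMAP server
OU = Automatically-generated IMAP SSL key
CN = mainserver.intern
emailAddress = postmaster@mail.intern
[ v3_req ]
nsCertType = server
subjectAltName=DNS:mainserver.intern,DNS:mainserver,DNS:mail.intern,DNS:mail,DNS:localhost
EOF

$ROOTCMD openssl req -config "$SSLEAY" -x509 -newkey rsa:2048 -keyout "$KEY" \
    -out "$CERT" -days "$DAYS" -nodes

# Remove the reserved name and the copy that was written below $target.
rm -f "$SSLEAY" "$target/$SSLEAY"

# The key is readable by root and the dovecot group only.
$ROOTCMD chown root:dovecot "$KEY" "$CERT"
$ROOTCMD chmod 640 "$KEY" "$CERT"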
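
Added example (not part of the original message or of the debian-lan scripts): a check that a certificate/key pair such as the one generated above belongs together, has an adequate RSA key size, lists the expected host names as subjectAltName entries, and has a key that is not world-readable. The function names, MIN_BITS and the sample pair built by make_sample_pair are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: verify a certificate/key pair before Dovecot is pointed at it.
MIN_BITS=2048   # assumption: smallest RSA modulus that local policy accepts

# check_pair CERT KEY NAME... -> returns 0 if every check passes, 1 otherwise
check_pair() {
    cert=$1; key=$2; shift 2; rc=0
    # 1. The certificate must contain the public half of the private key.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$key" -pubout) || return 1
    [ "$cert_pub" = "$key_pub" ] || { echo "FAIL: key does not match certificate"; rc=1; }
    # 2. Key size, read from the "Public-Key: (N bit)" line of the text dump.
    text=$(openssl x509 -in "$cert" -noout -text) || return 1
    bits=$(printf '%s\n' "$text" | sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p')
    [ "${bits:-0}" -ge "$MIN_BITS" ] || { echo "FAIL: ${bits:-?}-bit key"; rc=1; }
    # 3. Every name clients connect to must be an exact subjectAltName entry
    #    (exact match, so "mail" is not satisfied by "mail.intern").
    sans=$(printf '%s\n' "$text" | tr ',' '\n' | sed 's/^ *//')
    for name in "$@"; do
        printf '%s\n' "$sans" | grep -Fxq "DNS:$name" ||
            { echo "FAIL: no subjectAltName for $name"; rc=1; }
    done
    # 4. The private key must not be world-readable.
    [ -z "$(find "$key" -perm -004)" ] || { echo "FAIL: $key is world-readable"; rc=1; }
    return $rc
}

# make_sample_pair DIR BITS: constructed test input, a throwaway self-signed
# pair written to DIR/dovecot.crt and DIR/dovecot.key.
make_sample_pair() {
    cat > "$1/req.cnf" <<EOF
[ req ]
distinguished_name = dn
x509_extensions = ext
prompt = no
[ dn ]
CN = mainserver.intern
[ ext ]
subjectAltName = DNS:mainserver.intern,DNS:mail.intern
EOF
    openssl req -config "$1/req.cnf" -x509 -newkey "rsa:$2" -nodes -days 1 \
        -keyout "$1/dovecot.key" -out "$1/dovecot.crt" 2>/dev/null &&
        chmod 600 "$1/dovecot.key"
}
```

On an installed system the call would be, for example, check_pair /etc/dovecot/private/dovecot.crt /etc/dovecot/private/dovecot.key mainserver.intern mail.intern, run as root.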