#1
28th April 2006, 17:05
wr19026
Postfix, TLS and how to change the certificate

I have the Virtual Users And Domains With Postfix, Courier And MySQL (+ SMTP-AUTH, Quota, SpamAssassin, ClamAV) setup running very well now for a month or two but what is a bit annoying is that every time I (re)start Firefox to access my e-mail I get these warnings about the certificate not being aligned with the host (certificate is for localhost and when I access my mailserver it's via name.domain.dom).

So, here's my question: how do I replace the generic certificate with one I created myself? Is this, as described in the perfect setup (for Ubuntu 5.10 in my case):
mkdir /etc/postfix/ssl
cd /etc/postfix/ssl/
openssl genrsa -des3 -rand /etc/hosts -out smtpd.key 1024
chmod 600 smtpd.key
openssl req -new -key smtpd.key -out smtpd.csr
openssl x509 -req -days 3650 -in smtpd.csr -signkey smtpd.key -out smtpd.crt
openssl rsa -in smtpd.key -out smtpd.key.unencrypted
mv -f smtpd.key.unencrypted smtpd.key
openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650

postconf -e 'smtpd_tls_auth_only = no'
postconf -e 'smtp_use_tls = yes'
postconf -e 'smtpd_use_tls = yes'
postconf -e 'smtp_tls_note_starttls_offer = yes'
postconf -e 'smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key'
postconf -e 'smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt'
postconf -e 'smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem'
postconf -e 'smtpd_tls_loglevel = 1'
postconf -e 'smtpd_tls_received_header = yes'
postconf -e 'smtpd_tls_session_cache_timeout = 3600s'
postconf -e 'tls_random_source = dev:/dev/urandom'

Whereby all the postconf stuff would be intended as an enhancement to the TLS setup as described in the Virtual Users with Postfix etc. HOWTO.

Any risks if I do what's described above? I'm not running ISPConfig by the way.

#2
29th April 2006, 11:40
till

Do you get the error message 1) when you send email or 2) when you access your pop3 / imap mailbox?

1) replace the postfix ssl certificate as you posted above.
2) Your problem is related to the certificates used by courier, not postfix.
__________________
Till Brehm

#3
29th April 2006, 13:45
wr19026

It's not a real error message, more of a warning that the certificate is for another machine (localhost) than the host I'm connecting with. It happens when starting up Firefox (the only e-mail client I use) to connect with my IMAP server.

So I guess that based on your response the issue is not with the Postfix certificates but with the Courier certificates. How do I fix those?

#4
29th April 2006, 14:29
falko

Quote:
Originally Posted by wr19026
It happens when starting up Firefox (the only e-mail client I use) to connect with my IMAP server.
You mean Thunderbird, not Firefox, I guess?

Quote:
Originally Posted by wr19026
So I guess that based on your response the issue is not with the Postfix certificates but with the Courier certificates. How do I fix those?
Have a look here: http://www.howtoforge.com/forums/sho...ht=mkimapdcert
__________________
Falko
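
The name check behind the warning discussed in this thread, as an added example that is not part of any post above: it builds two throwaway self-signed certificates, one for localhost and one for the constructed name mail.example.test, and tests which of them is valid for mail.example.test. The function names and the host name are assumptions; it needs OpenSSL 1.1.1 or later and uses a 2048-bit key rather than the 1024 bits in the quoted commands.

```shell
#!/bin/sh
# Added example: host names are constructed, files are throwaway.

# make_selfsigned HOST DIR
#   Writes DIR/HOST.key and DIR/HOST.crt: a self-signed certificate whose
#   CN and subjectAltName are both HOST (-addext needs OpenSSL 1.1.1+).
make_selfsigned() {
    host=$1; dir=$2
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -subj "/CN=$host" -addext "subjectAltName=DNS:$host" \
        -keyout "$dir/$host.key" -out "$dir/$host.crt" 2>/dev/null &&
        chmod 600 "$dir/$host.key"
}

# cert_matches_host CERT HOST
#   Succeeds only if CERT is valid for HOST. openssl prints its verdict as
#   text, so the text is what gets tested, not the exit status.
cert_matches_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>&1 |
        grep -q 'does match certificate'
}

# key_matches_cert KEY CERT
#   Succeeds only if the private key belongs to the certificate; worth
#   checking before restarting a daemon with replaced files.
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null)
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null)
    [ -n "$k" ] && [ "$k" = "$c" ]
}

demo() {
    tmp=$(mktemp -d) || return 1
    make_selfsigned localhost "$tmp" || return 1
    make_selfsigned mail.example.test "$tmp" || return 1
    for crt in "$tmp/localhost.crt" "$tmp/mail.example.test.crt"; do
        if cert_matches_host "$crt" mail.example.test; then
            echo "$(basename "$crt"): accepted for mail.example.test"
        else
            echo "$(basename "$crt"): name mismatch for mail.example.test"
        fi
    done
    rm -rf "$tmp"
}

demo
```

To check the files a daemon is actually serving, pass its certificate path, for example /etc/postfix/ssl/smtpd.crt from the first post, to cert_matches_host together with the name clients connect to.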