*See post above..*
Just a small question about the courier SSL certificate.. (I hope this is the right thread to post this.) As you can see from my post above I managed to re-generate the SSL certificates for ISPConfig. Thanks to the 'perfect setup' howto for ubuntu 7.10 I also managed to do this for the postfix SSL certificate, which was also giving me an error about non-matching domains. It all works very smoothly now, except for the Courier pop3-ssl server. Since that SSL certificate is auto-generated by courier upon installation I don't know how to modify it in order to get matching domains. In fact, all I want to do is change the 'Common name' setting of the certificate. To do this I suppose I need to regenerate the certificate for courier. Does anyone know a way to do this without messing up anything?
Ok, I also managed to solve this one.
Sorry for these self-answered posts, but I'm posting them anyway in case someone else is having the same problem. In order to get the Courier pop3 SSL certificate working I did the following:
(WARNING! This worked for me, I am not sure it will work for everyone. I am running an Ubuntu 7.10 'perfect server', installed using the Perfect Server Howto found here. If you are running something else, at least check the paths before trying this. Also, I am not aware of any nasty side-effects. For me there don't seem to be any.)
- First edit the file '/etc/courier/pop3d.cnf' This contains the defaults used by mkpop3dcert (the tool used by courier to create a self-signed certificate).
# vim /etc/courier/pop3d.cnf
- Then re-generate the .pem file using mkpop3dcert. (Perhaps it is wise to backup the original first..)
# cd /usr/lib/courier
# cp pop3d.pem pop3d.pem-orig
(As you can see I did not add './' to the mkpop3dcert command. It seems to be in my path..)
- Next we copy the new .pem to the dir used by courier. (I also backup the original first..)
# cp /etc/courier/pop3d.pem /etc/courier/pop3d.pem-orig
# cp /usr/lib/courier/pop3d.pem /etc/courier/pop3d.pem
- And make sure the permissions are correct.
# chmod 600 /etc/courier/pop3d.pem
- Finally reload the courier ssl server.
# /etc/init.d/courier-pop-ssl force-reload