Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > Linux Forums > HOWTO-Related Questions

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 24th November 2005, 10:19
TheMike TheMike is offline
Junior Member
 
Join Date: Jul 2005
Location: Amsterdam
Posts: 5
Thanks: 0
Thanked 0 Times in 0 Posts
Default How to manually create a new certificate for uw-imap and ipop?

I installed Debian 3.1 on a machine according to your Perfect setup HOWTO!

Now I have most of it working but I would like to update the two following files:
/etc/ssl/certs/imapd.pem
/etc/ssl/certs/ipo3d.pem
because they are incorrect.
I did not install ISPConfig and I also don't want to use it. (for this specific machine)
So I have to create these certificates manually.

Can someone show me the right step or syntax to do this?
Reply With Quote
Sponsored Links
  #2  
Old 24th November 2005, 10:31
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,739 Times in 2,574 Posts
Default

Please run
Code:
updatedb
locate imap
locate ipop
and post the output here.
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #3  
Old 24th November 2005, 11:55
TheMike TheMike is offline
Junior Member
 
Join Date: Jul 2005
Location: Amsterdam
Posts: 5
Thanks: 0
Thanked 0 Times in 0 Posts
Default

output from: locate imap
Code:
/etc/apache2/mods-available/imap.load
/etc/logcheck/ignore.d.paranoid/imap
/etc/logcheck/ignore.d.server/imapproxy
/etc/logcheck/ignore.d.server/uw-imapd
/etc/pam.d/imap
/etc/ssl/certs/imapd.pem
/lib/modules/2.6.8-2-386/modules.pcimap
/usr/include/c++/3.3/backward/multimap.h
/usr/include/c++/3.3/bits/stl_multimap.h
/usr/lib/apache2/modules/mod_imap.so
/usr/lib/mon/mon.d/imap.monitor
/usr/lib/php4/20020429/imap.so
/usr/lib/python2.3/imaplib.py
/usr/lib/python2.3/imaplib.pyc
/usr/lib/python2.3/imaplib.pyo
/usr/sbin/imapd
/usr/share/doc/apache2-doc/manual/mod/mod_imap.html
/usr/share/doc/apache2-doc/manual/mod/mod_imap.html.en
/usr/share/doc/apache2-doc/manual/mod/mod_imap.html.ko.euc-kr
/usr/share/doc/apache2-doc/manual/mod/mod_imap.xml.gz
/usr/share/doc/apache2-doc/manual/mod/mod_imap.xml.ko.gz
/usr/share/doc/apache2-doc/manual/mod/mod_imap.xml.meta
/usr/share/doc/HOWTO/en-txt/Qmail-VMailMgr-Courier-imap-HOWTO.gz
/usr/share/doc/libc-client2002edebian/imaprc.txt.gz
/usr/share/doc/php4-imap
/usr/share/doc/uw-imapd
/usr/share/doc/uw-imapd/bugs.txt.gz
/usr/share/doc/uw-imapd/buildinfo.gz
/usr/share/doc/uw-imapd/changelog.Debian.gz
/usr/share/doc/uw-imapd/copyright
/usr/share/doc/uw-imapd/NEWS.Debian.gz
/usr/share/doc/uw-imapd/README.Debian
/usr/share/doc/uw-imapd/RELNOTES.gz
/usr/share/doc/uw-imapd-ssl
/usr/share/doc/uw-imapd-ssl/buildinfo.gz
/usr/share/doc/uw-imapd-ssl/changelog.Debian.gz
/usr/share/doc/uw-imapd-ssl/copyright
/usr/share/doc/uw-imapd-ssl/NEWS.Debian.gz
/usr/share/doc/uw-imapd-ssl/README.Debian
/usr/share/doc/uw-imapd/TODO.Debian
/usr/share/linda/overrides/uw-imapd
/usr/share/lintian/overrides/php4-imap
/usr/share/lintian/overrides/uw-imapd
/usr/share/man/man8/imapd.8C.gz
/usr/share/webmin/apache/mod_imap.pl
/var/cache/apt/archives/php4-imap_4%3a4.3.10-16_i386.deb
/var/cache/apt/archives/uw-imapd-ssl_7%3a2002edebian1-11sarge1_all.deb
/var/lib/dpkg/info/php4-imap.config
/var/lib/dpkg/info/php4-imap.list
/var/lib/dpkg/info/php4-imap.md5sums
/var/lib/dpkg/info/php4-imap.postinst
/var/lib/dpkg/info/php4-imap.postrm
/var/lib/dpkg/info/php4-imap.prerm
/var/lib/dpkg/info/php4-imap.templates
/var/lib/dpkg/info/uw-imapd.conffiles
/var/lib/dpkg/info/uw-imapd.config
/var/lib/dpkg/info/uw-imapd.list
/var/lib/dpkg/info/uw-imapd.md5sums
/var/lib/dpkg/info/uw-imapd.postinst
/var/lib/dpkg/info/uw-imapd.postrm
/var/lib/dpkg/info/uw-imapd.preinst
/var/lib/dpkg/info/uw-imapd-ssl.list
/var/lib/dpkg/info/uw-imapd-ssl.md5sums
/var/lib/dpkg/info/uw-imapd.templates
output from: locate ipop
Code:
/etc/logcheck/ignore.d.server/ipopd
/etc/ssl/certs/ipop3d.pem
/usr/sbin/ipop2d
/usr/sbin/ipop3d
/usr/share/doc/ipopd
/usr/share/doc/ipopd/buildinfo.gz
/usr/share/doc/ipopd/changelog.Debian.gz
/usr/share/doc/ipopd/copyright
/usr/share/doc/ipopd/NEWS.Debian.gz
/usr/share/doc/ipopd/README.Debian
/usr/share/doc/ipopd-ssl
/usr/share/doc/ipopd-ssl/buildinfo.gz
/usr/share/doc/ipopd-ssl/changelog.Debian.gz
/usr/share/doc/ipopd-ssl/copyright
/usr/share/doc/ipopd-ssl/NEWS.Debian.gz
/usr/share/doc/ipopd-ssl/README.Debian
/usr/share/linda/overrides/ipopd
/usr/share/lintian/overrides/ipopd
/usr/share/man/man8/ipop2d.8C.gz
/usr/share/man/man8/ipop3d.8C.gz
/usr/share/man/man8/ipopd.8C.gz
/var/cache/apt/archives/ipopd_7%3a2002edebian1-11sarge1_i386.deb
/var/cache/apt/archives/ipopd-ssl_7%3a2002edebian1-11sarge1_all.deb
/var/lib/dpkg/info/ipopd.conffiles
/var/lib/dpkg/info/ipopd.config
/var/lib/dpkg/info/ipopd.list
/var/lib/dpkg/info/ipopd.md5sums
/var/lib/dpkg/info/ipopd.postinst
/var/lib/dpkg/info/ipopd.postrm
/var/lib/dpkg/info/ipopd.preinst
/var/lib/dpkg/info/ipopd-ssl.list
/var/lib/dpkg/info/ipopd-ssl.md5sums
/var/lib/dpkg/info/ipopd.templates

Last edited by TheMike; 24th November 2005 at 15:27.
Reply With Quote
  #4  
Old 24th November 2005, 22:23
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,739 Times in 2,574 Posts
Default

Hm, I thought there might be a program that allows to re-create the certificates, but obviously there isn't for imapd and ipop3d. For Courier there's such a program...
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #5  
Old 25th November 2005, 13:45
TheMike TheMike is offline
Junior Member
 
Join Date: Jul 2005
Location: Amsterdam
Posts: 5
Thanks: 0
Thanked 0 Times in 0 Posts
Default

I think I managed it without the help of a tool!

This example is for Debian 3.1 and worked for me, it is neccesary to create your own Certificate Authority (CA) and sign it yourself or otherwise purchase a "real" X.509 certificate signed by a Certificate Authority (CA).

Please adjust paths if they are different on your system!

Code:
////////////////////////////////////////////////////
//Setup a TLS-enabled POP3/IMAP server
//We need to make crypto keys and certificates.
//Without them, TLS/SSL will not work.
////////////////////////////////////////////////////
//Create the key:
openssl genrsa -out ipop3d.pem 1024
chmod 0400 ipop3d.pem
cp -v ipop3d.pem /etc/ssl/keys
////////////////////////////////////////////////////
//Creating The CSR:
openssl req -new -key ipop3d.pem -out ipop3d.csr
mv ipop3d.csr /etc/ssl/csrs
////////////////////////////////////////////////////
//Signing the CSR:
openssl x509 -req -days 3650 -sha1 -CAcreateserial -in /etc/ssl/csrs/ipop3d.csr -CA /etc/ssl/certs/ca.domain.com.crt -CAkey /etc/ssl/keys/ca.domain.com.key -out ipop3d-cert.pem
chmod 0400 ipop3*
cat ipop3d-cert.pem >> ipop3d.pem
cp -v ipop3d.pem /etc/ssl/certs
cp -v ipop3d.pem /etc/ssl/certs/imapd.pem
Regards,
TheMike
Reply With Quote
  #6  
Old 25th November 2005, 17:55
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,739 Times in 2,574 Posts
Default

Thanks for the tip!
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #7  
Old 2nd December 2005, 08:12
themachine themachine is offline
Senior Member
 
Join Date: Oct 2005
Location: Texas, USA
Posts: 109
Thanks: 0
Thanked 0 Times in 0 Posts
Default

For future reference you can check out this howto as well:

http://www.5dollarwhitebox.org/wiki/...L_Certificates
__________________
themachine
5dollarwhitebox.org
Reply With Quote
  #8  
Old 7th January 2007, 21:58
meldron meldron is offline
Junior Member
 
Join Date: Dec 2006
Posts: 5
Thanks: 0
Thanked 0 Times in 0 Posts
Default

I followed this guide step by step, but i don't get a working certificate. Something changed in the last year?
Reply With Quote
  #9  
Old 8th January 2007, 23:24
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,739 Times in 2,574 Posts
Default

Do you use Debian Sarge?
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #10  
Old 8th January 2007, 23:35
meldron meldron is offline
Junior Member
 
Join Date: Dec 2006
Posts: 5
Thanks: 0
Thanked 0 Times in 0 Posts
 
Default

Yes, Debian Sarge 3.1

I was able to create a new one with the /var/lib/dpkg/info/ipopd.postinst. But with a manual created certificate i always get a authentification failure.
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT +2. The time now is 22:20.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.