#1  
Old 30th November 2006, 10:11
teves teves is offline
Senior Member
 
Join Date: Oct 2006
Posts: 149
Thanks: 27
Thanked 13 Times in 10 Posts
Default SSL certificates

Hello,

I have a small problem with ssl certificates on my ispconfig server. The problem is that I always get the following warning, when I try to look up mail on one of the mail accounts on a hosted domain:

Sicherheitsfehler: Domainnamen stimmen nicht überein
Sie haben versucht, eine Verbindung mit "mail.mydomain.com" aufzubauen. Allerdings gehört das vorgezeigte Sicherheitszertifikat "localhost"...

(security error: domain names do not match. You have tried to establish a connection to "mail.mydomain.com". But the shown security certificate belongs to "localhost"....)

As far as I understand the message, this means, that I did something wrong while creating the certificate, or that the hostname of the mailserver is not set correctly (or something similar).
I know how to re-generate the certificates, or change the mailerver's name, but what would I enter as a hostname?
If I'd enter mail.mydomain.com, it would probably work for that domain, but it would not work for mail.myotherdomain.com, right?
Does that mean I need to use one address for the email server for all the hosted domains, e.g. mail.main-domain.com?

thank you,
regards, Tom
Reply With Quote
Sponsored Links
  #2  
Old 30th November 2006, 10:36
till till is online now
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 36,189
Thanks: 829
Thanked 5,418 Times in 4,260 Posts
Default

Quote:
Originally Posted by teves
I know how to re-generate the certificates, or change the mailerver's name, but what would I enter as a hostname?
mail.mydomain.com

Quote:
If I'd enter mail.mydomain.com, it would probably work for that domain, but it would not work for mail.myotherdomain.com, right?
yes.

Quote:
Does that mean I need to use one address for the email server for all the hosted domains, e.g. mail.main-domain.com?
Yes, or you live with the warning message. This is not specific to ISPConfig, SSL certificaes are always for one specific domain or a set of subdomains only.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #3  
Old 1st December 2006, 09:52
teves teves is offline
Senior Member
 
Join Date: Oct 2006
Posts: 149
Thanks: 27
Thanked 13 Times in 10 Posts
Default

It seems that I don't know how to re-generate the ssl certificates for postfix. I went through the certificate generation part of Suse perfect setup part 5 chapter 7 again, but the certificate shown in my email client is not the one I built. (yes, I have restarted postfix).

The following Information is given about the certificate owner:
E = postmaster@example.com
CN = localhost
OU = Automatically-generated POP3 SSL key
O = Courier Mail Server
L = New York
ST = NY
C = US


These settings are not in my main.cf and I have given different data in the certificate generation. Can anybody help me here?

thank you,
regards, Tom
Reply With Quote
  #4  
Old 1st December 2006, 10:56
till till is online now
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 36,189
Thanks: 829
Thanked 5,418 Times in 4,260 Posts
Default

Do you connect with smtps or pop3s? postfix is the smtp(s) daemon, for pop3s and imaps you will have to change the SSL certificates of the pop3 and imap daemon (courier or dovoecot).
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #5  
Old 1st December 2006, 12:06
teves teves is offline
Senior Member
 
Join Date: Oct 2006
Posts: 149
Thanks: 27
Thanked 13 Times in 10 Posts
Default

Hello,

right, that was the mistake.

For people having the same problem:
I edited the files /etc/courier/imapd.cnf and /etc/courier/pop3d.cnf; there you can change the data used for creating certificates.
Then I went to /usr/share/courier-imap, where I deleted the files imapd.pem and pop3d.pem (these are the old certificate files). I executed mkimapdcert and mkpop3dcert; these executables create the new certificates.


Thank you,
regards, Tom
Reply With Quote
  #6  
Old 23rd June 2008, 00:59
mickeb mickeb is offline
Junior Member
 
Join Date: Oct 2007
Posts: 24
Thanks: 0
Thanked 1 Time in 1 Post
Default

How do i restart courier? I cant seem find
Code:
courier-authdaemon restart
-bash: courier-authdaemon: command not found
but i see that there is a courier-authdaemon in init folder..

I recreated cert, but still get the postmaster@example.com

I use debian 4

Edit1: I have imapd.pem on 2 places:
/usr/lib/courier/imapd.pem
/etc/courier/imapd.pem
Shall i delete them both?

edit2: SOLVED!
I removed both and then i run the mkimapdcert and it putted file into /usr/lib/courier/imapd.pem I tried to access mail but it didnt go! So i copy /usr/lib/courier/imapd.pem to /etc/courier/imapd.pem and it worked!!

thx

Last edited by mickeb; 23rd June 2008 at 01:25.
Reply With Quote
  #7  
Old 23rd June 2008, 07:49
till till is online now
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 36,189
Thanks: 829
Thanked 5,418 Times in 4,260 Posts
 
Default

You will have t use the whole path:

/etc/init.d/courier-authdaemon restart
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
SSL Certificates with OpenSSL heat Technical 3 25th January 2011 14:25
SSL certificates not recognized LumpyOne Installation/Configuration 16 31st March 2008 23:30
SSL Certificates... ctroyp Installation/Configuration 18 30th June 2007 21:56
rebuild ssl certificates for domain change whitty Installation/Configuration 1 6th June 2006 12:12
Chained / intermediate SSL certificates max Installation/Configuration 5 9th December 2005 05:03


All times are GMT +2. The time now is 15:23.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.