SSL certificates

[teves]

Hello,

I have a small problem with ssl certificates on my ispconfig server. The problem is that I always get the following warning, when I try to look up mail on one of the mail accounts on a hosted domain:

Sicherheitsfehler: Domainnamen stimmen nicht überein
Sie haben versucht, eine Verbindung mit "mail.mydomain.com" aufzubauen. Allerdings gehört das vorgezeigte Sicherheitszertifikat "localhost"...

(security error: domain names do not match. You have tried to establish a connection to "mail.mydomain.com". But the shown security certificate belongs to "localhost"....)

As far as I understand the message, this means, that I did something wrong while creating the certificate, or that the hostname of the mailserver is not set correctly (or something similar).
I know how to re-generate the certificates, or change the mailerver's name, but what would I enter as a hostname?
If I'd enter mail.mydomain.com, it would probably work for that domain, but it would not work for mail.myotherdomain.com, right?
Does that mean I need to use one address for the email server for all the hosted domains, e.g. mail.main-domain.com?

thank you,
regards, Tom

[till]

Quote:

Originally Posted by teves

I know how to re-generate the certificates, or change the mailerver's name, but what would I enter as a hostname?

mail.mydomain.com

Quote:

If I'd enter mail.mydomain.com, it would probably work for that domain, but it would not work for mail.myotherdomain.com, right?

yes.

Quote:

Does that mean I need to use one address for the email server for all the hosted domains, e.g. mail.main-domain.com?

Yes, or you live with the warning message. This is not specific to ISPConfig, SSL certificaes are always for one specific domain or a set of subdomains only.

[teves]

It seems that I don't know how to re-generate the ssl certificates for postfix. I went through the certificate generation part of Suse perfect setup part 5 chapter 7 again, but the certificate shown in my email client is not the one I built. (yes, I have restarted postfix).

The following Information is given about the certificate owner:
E = postmaster@example.com
CN = localhost
OU = Automatically-generated POP3 SSL key
O = Courier Mail Server
L = New York
ST = NY
C = US

These settings are not in my main.cf and I have given different data in the certificate generation. Can anybody help me here?

thank you,
regards, Tom

[till]

Do you connect with smtps or pop3s? postfix is the smtp(s) daemon, for pop3s and imaps you will have to change the SSL certificates of the pop3 and imap daemon (courier or dovoecot).

[teves]

Hello,

right, that was the mistake.

For people having the same problem:
I edited the files /etc/courier/imapd.cnf and /etc/courier/pop3d.cnf; there you can change the data used for creating certificates.
Then I went to /usr/share/courier-imap, where I deleted the files imapd.pem and pop3d.pem (these are the old certificate files). I executed mkimapdcert and mkpop3dcert; these executables create the new certificates.


Thank you,
regards, Tom

[mickeb]

How do i restart courier? I cant seem find

Code:

courier-authdaemon restart
-bash: courier-authdaemon: command not found

but i see that there is a courier-authdaemon in init folder..

I recreated cert, but still get the postmaster@example.com

I use debian 4

Edit1: I have imapd.pem on 2 places:
/usr/lib/courier/imapd.pem
/etc/courier/imapd.pem
Shall i delete them both?

edit2: SOLVED!
I removed both and then i run the mkimapdcert and it putted file into /usr/lib/courier/imapd.pem I tried to access mail but it didnt go! So i copy /usr/lib/courier/imapd.pem to /etc/courier/imapd.pem and it worked!!

thx

[till]

You will have t use the whole path:

/etc/init.d/courier-authdaemon restart