Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > Linux Forums > Installation/Configuration

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 23rd January 2006, 13:37
jimwil jimwil is offline
Junior Member
 
Join Date: Jan 2006
Posts: 4
Thanks: 0
Thanked 0 Times in 0 Posts
Default Final hurdle: How to generate SSL Certificate for Outlook?

Hi all, my first post here :-)

I've just followed the EXCELLENT article here:

http://www.howtoforge.com/perfect_setup_ubuntu_5.10

and I now have a fully working server running postfix etc.

I'm looking for some final final help, and that is: how can I generate a certificate for Microsoft Outlook, so that I cna use postfix in TLS (SSL) mode? I know I need to export in p12 format using openssl but I just don't know the correct parameters.

As per the HOWTO document above, my files are

/etc/postfix/ssl/cacert.pem
/etc/postfix/ssl/cakey.pem
/etc/postfix/ssl/smtpd.crt
/etc/postfix/ssl/smtpd.csr
/etc/postfix/ssl/smtpd.key

I can export a certificate, and import it on WIndoze (via Internet Explorer), and I have chanegd /etc/postfix/main.cf to have smtpd_tls_auth_only = yes, but when I send within Outlook i get the annoying "certificate isn;t trusted do you want to continue" - with every message I send! Obviosuly I'd like to suppress that message as I know the server is trusted.

Many thanks in advance,



Jim
Reply With Quote
Sponsored Links
  #2  
Old 23rd January 2006, 17:49
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,741 Times in 2,575 Posts
Default

You simply have to generate certificates with the correct details, then this warning message will disappear.

You can re-create the certificate by doing the steps on http://www.howtoforge.com/perfect_setup_ubuntu_5.10_p4 again.
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #3  
Old 23rd January 2006, 18:12
jimwil jimwil is offline
Junior Member
 
Join Date: Jan 2006
Posts: 4
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Sorry, i think you've misunderstood me. The certificates on my server are fine, I can login via telnet and STARTTLS etc. But what I need is a certificate which I can then import into Outlook.

Can I already use the files on my server? If so, which ones are they?

Many thanks,


Jim
Reply With Quote
  #4  
Old 23rd January 2006, 20:16
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,741 Times in 2,575 Posts
Default

I've never heard of certificate files that you must import into Outlook.
If the certificates on the server are correct, then the warning will disappear.
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #5  
Old 23rd January 2006, 20:37
jimwil jimwil is offline
Junior Member
 
Join Date: Jan 2006
Posts: 4
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Not quite.

My certificates are self-signed, as per the instructions in the howto. When you send to that mailserver using SSL Outlook prompts you with:

"The server you are connecting to is using a security certificate that could not be verified.

A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.

Do you want to contiune using this server?"



If you choose YES then you can send through the mailserver quite happily. But as soon as you quit Outlook and restart it, you get the warning again. Which is obviously a PITA.

The internet is absolutely riddled with similar questions (search google for Outlook root certificate "could not be verified") but I just cannot find a definitive answer which matches the steps I've gone through in the howto.

i.e. the HOWTO tells me how to setup the server, but I need to final steps to create the certificate for import into the client.

The stuff at http://ohno.mrbill.net/pipermail/lin...il/001100.html looks okay, but I still can't seem to get the right combination of ciles and parameters.

Heeeeelllllpppppppppp!!!!!! (please)

Jim
Reply With Quote
  #6  
Old 24th January 2006, 13:13
jimwil jimwil is offline
Junior Member
 
Join Date: Jan 2006
Posts: 4
Thanks: 0
Thanked 0 Times in 0 Posts
Thumbs up

Okay, I'm answering my own quesion, but it's for the benefit of others trying to do the same thing.

My mistake was missing the -inkey parameter to openssl. So, assuming you have followed the precise instructions in the Breezy howto (http://www.howtoforge.com/perfect_setup_ubuntu_5.10), you can create a certificate for Outlook using the following:

cd /etc/postfix/ssl/

openssl pkcs12 -export -in smtpd.crt -inkey smtpd.key -out OutlookSMTP.p12

Then import the OutlookSMTP.p12 file into the Trusted Root Certification Authorities store within Internet Explorer (Tools -> Internet Options -> Content -> Certificates, or by just double-clicking it). You will then be free to establish an SSL connection within Outlook to enforce tighter security.

Hope this helps others. Perhaps this HOWTO could be edited to put this as an optional step?


Jim
Reply With Quote
  #7  
Old 24th January 2006, 13:21
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 36,077
Thanks: 826
Thanked 5,396 Times in 4,240 Posts
Default

Thanks for posting the solution I will add it to the howto.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #8  
Old 28th June 2008, 07:06
rdtech rdtech is offline
Member
 
Join Date: Mar 2008
Posts: 74
Thanks: 0
Thanked 0 Times in 0 Posts
Default

thanks for the advise. thats what I was looking for.
Reply With Quote
  #9  
Old 28th June 2008, 07:11
rdtech rdtech is offline
Member
 
Join Date: Mar 2008
Posts: 74
Thanks: 0
Thanked 0 Times in 0 Posts
 
Default

If I have multiple web sites, do I use the same cert for all of them to put in their outlook(IE)

Now does this effect the any other ssl websites in the server.
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
from http to https after installation? Mahir Installation/Configuration 25 7th December 2005 20:40


All times are GMT +2. The time now is 14:28.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.