Postfix, TLS and how to change the certificate

[wr19026]

I have the Virtual Users And Domains With Postfix, Courier And MySQL (+ SMTP-AUTH, Quota, SpamAssassin, ClamAV) setup running very well now for a month or two but what is a bit annoying is that every time I (re)start Firefox to access my e-mail I get these warnings about the certificate not being aligned with the host (certificate is for localhost and when I access my mailserver it's via name.domain.dom).

So, here's my question: how do I replace the generic certificate with one I created myself? Is this, as described in the perfect setup (for Ubuntu 5.10 in my case):
mkdir /etc/postfix/ssl
cd /etc/postfix/ssl/
openssl genrsa -des3 -rand /etc/hosts -out smtpd.key 1024
chmod 600 smtpd.key
openssl req -new -key smtpd.key -out smtpd.csr
openssl x509 -req -days 3650 -in smtpd.csr -signkey smtpd.key -out smtpd.crt
openssl rsa -in smtpd.key -out smtpd.key.unencrypted
mv -f smtpd.key.unencrypted smtpd.key
openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650

postconf -e 'smtpd_tls_auth_only = no'
postconf -e 'smtp_use_tls = yes'
postconf -e 'smtpd_use_tls = yes'
postconf -e 'smtp_tls_note_starttls_offer = yes'
postconf -e 'smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key'
postconf -e 'smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt'
postconf -e 'smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem'
postconf -e 'smtpd_tls_loglevel = 1'
postconf -e 'smtpd_tls_received_header = yes'
postconf -e 'smtpd_tls_session_cache_timeout = 3600s'
postconf -e 'tls_random_source = dev:/dev/urandom'

Whereby all the postconf stuff would be intended as an enhancement to the TLS setup as described in the Virtual Users with Postfix etc. HOWTO.

Any risks if I do what's described above? I'm not running ISPConfig by the way.

[till]

Do you get the error message 1) when you send email or 2) when you access your pop3 I imap mailbox?

1) replace the postfix ssl certificate as you posted above.
2) Your problem is related to the certificates used by courier, not postfix.

[wr19026]

It's not a real errormessage, more of a warning that the certificate is for another machine (localhost) than the host I'm connecting with. It happens when starting up Firefox (the only e-mail client I use) to connect with my IMAP server.

So I guess that based on your response the issue is not with the Postfix certificates but with the Courier certificates. How do I fix those?

[falko]

Quote:

Originally Posted by wr19026

It happens when starting up Firefox (the only e-mail client I use) to connect with my IMAP server.

ou mean Thunderbird, not Firefox, I guess?

Quote:

Originally Posted by wr19026

So I guess that based on your response the issue is not with the Postfix certificates but with the Courier certificates. How do I fix those?

Have a look here: http://www.howtoforge.com/forums/sho...ht=mkimapdcert