Certificates Warning + Virtual Users And Domains With Postfix, Courier And MySQL

Discussion in 'HOWTO-Related Questions' started by algonco, Jan 16, 2008.

  1. algonco

    algonco New Member

    When I check the mail, there is always a warning about POP certificates.
    By default Ubuntu uses an auto-generated certificate for "localhost".
    I tested one way to fix it, but I am not sure that it is the right way to do it.

    sudo cat /etc/postfix/smtpd.cert > pop3d.pem
    sudo openssl gendh >> pop3d.pem
    sudo cat /etc/postfix/smtpd.key >> pop3d.pem
    sudo chmod 600 pop3d.pem
    Then I replace the default pop3d.pem at /etc/courier and restart the service.

  2. volksman

    volksman New Member

    The error message is likely more due to the fact that the certificate is self-signed and therefore not trusted. You would need to purchase a certificate to make the error disappear properly. Alternatively you can just save the certificate in your mail client and it will never ask again (basically you tell your mail client that you do trust the cert).
  3. algonco

    algonco New Member

    That's right, but I was talking about when the POP server and the hostname of the certificate are not the same.
    The default certificate is for "localhost", and the POP server is like "mail.mydomain.com", so there is the warning, because the connection is for a host named "mail.mydomain.com" and the certificate is for "localhost".

    I tested that and it works.

  4. falko

    falko Super Moderator ISPConfig Developer

    You could use mkimpadcert and mkpop3dcert to create new certificates.
  5. algonco

    algonco New Member

    This is what I'm looking for.

  6. PhilyWisk

    PhilyWisk New Member

    *correction* to falko's post that command was mkimapdcert

    I think the solution you want, algonco, is to:

    change /usr/lib/courier/imapd.cnf and /usr/lib/courier/pop3d.cnf to the values you want, then delete /usr/lib/courier/imapd.pem and /usr/lib/courier/pop3d.pem, run both mkimapdcert and mkpop3dcert and finally copy both /usr/lib/courier/imapd.cnf and /usr/lib/courier/pop3d.cnf to the /etc/courier/ dir replacing the two active certificates.

    Using this method I have managed to remove the warnings for one domain, but have not figured out how to do this for each of my domains.

    Any suggestions?
    Last edited: Feb 21, 2008
  7. PhilyWisk

    PhilyWisk New Member

    By the way, I am having no problems with the POP & IMAP certificates but my SMTP one keeps the localhost as the fully qualified domain name, here is what falko's tutorial says:
    cd /etc/postfix
    openssl req -new -outform PEM -out smtpd.cert -newkey rsa:2048 -nodes -keyout smtpd.key -keyform PEM -days 365 -x509
    <-- Enter your Country Name (e.g., "DE").
    <-- Enter your State or Province Name.
    <-- Enter your City.
    <-- Enter your Organization Name (e.g., the name of your company).
    <-- Enter your Organizational Unit Name (e.g. "IT Department").
    <-- Enter the Fully Qualified Domain Name of the system (e.g. "server1.example.com").
    <-- Enter your Email Address.
    chmod o= /etc/postfix/smtpd.ke
    However, I am never asked the question
    <-- Enter the Fully Qualified Domain Name of the system (e.g. "server1.example.com").

    That was me being stupid, I wasn't asked the exact questions above, instead I was asked something along the lines of
    <-- Your Name
    Turns out these are one and the same thing.
    Last edited: Feb 21, 2008
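
The Common Name point from the last posts, as an added example that is not part of the thread: it generates a self-signed certificate non-interactively for a placeholder name (mail.example.com), builds a combined PEM in the cert-then-key order used in the first post, and checks which hostnames the certificate is valid for. The function names and the subjectAltName extension (needs OpenSSL 1.1.1 or later) are assumptions of this example; DH parameters are left out.

```shell
#!/bin/sh
# Added example, not from the thread. mail.example.com is a placeholder.

# make_courier_pem FQDN OUTFILE
# Writes certificate + private key into one PEM file, owner-readable only.
make_courier_pem() (
    fqdn=$1 out=$2
    umask 077                      # same effect as the chmod 600 in the thread
    tmp=$(mktemp -d) || exit 1
    trap 'rm -rf "$tmp"' EXIT
    # -subj answers the "Common Name" prompt (the FQDN) without interaction;
    # -addext repeats the name as a subjectAltName, which current clients check.
    openssl req -new -x509 -newkey rsa:2048 -nodes -days 365 \
        -subj "/CN=$fqdn" -addext "subjectAltName=DNS:$fqdn" \
        -keyout "$tmp/key.pem" -out "$tmp/cert.pem" 2>/dev/null || exit 1
    cat "$tmp/cert.pem" "$tmp/key.pem" > "$out"
)

# cert_matches_host PEMFILE HOSTNAME
# Succeeds only if the certificate in PEMFILE is valid for HOSTNAME.
cert_matches_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
        grep -q 'does match'
}

# Demo: the name clients connect to matches, "localhost" does not.
demo_dir=$(mktemp -d)
make_courier_pem mail.example.com "$demo_dir/pop3d.pem"
for h in mail.example.com localhost; do
    if cert_matches_host "$demo_dir/pop3d.pem" "$h"; then
        echo "$h: certificate matches"
    else
        echo "$h: MISMATCH (mail client would warn)"
    fi
done
openssl x509 -in "$demo_dir/pop3d.pem" -noout -subject
rm -rf "$demo_dir"
```

A matching name only removes the hostname-mismatch warning; a self-signed certificate still has to be trusted in the mail client, as noted in the second post.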
