How to manually create a new certificate for uw-imap and ipop?

Discussion in 'HOWTO-Related Questions' started by TheMike, Nov 24, 2005.

  1. TheMike

    TheMike New Member

    I installed Debian 3.1 on a machine according to your Perfect setup HOWTO!

    Now I have most of it working but I would like to update the two following files:
    /etc/ssl/certs/imapd.pem
    /etc/ssl/certs/ipop3d.pem
    because they are incorrect.
    I did not install ISPConfig and I also don't want to use it. (for this specific machine)
    So I have to create these certificates manually.

    Can someone show me the right step or syntax to do this?
     
  2. falko

    falko Super Moderator Howtoforge Staff Moderator HowtoForge Supporter ISPConfig Developer

    Please run
    Code:
    updatedb
    locate imap
    locate ipop
    and post the output here.
     
  3. TheMike

    TheMike New Member

    output from: locate imap
    Code:
    /etc/apache2/mods-available/imap.load
    /etc/logcheck/ignore.d.paranoid/imap
    /etc/logcheck/ignore.d.server/imapproxy
    /etc/logcheck/ignore.d.server/uw-imapd
    /etc/pam.d/imap
    /etc/ssl/certs/imapd.pem
    /lib/modules/2.6.8-2-386/modules.pcimap
    /usr/include/c++/3.3/backward/multimap.h
    /usr/include/c++/3.3/bits/stl_multimap.h
    /usr/lib/apache2/modules/mod_imap.so
    /usr/lib/mon/mon.d/imap.monitor
    /usr/lib/php4/20020429/imap.so
    /usr/lib/python2.3/imaplib.py
    /usr/lib/python2.3/imaplib.pyc
    /usr/lib/python2.3/imaplib.pyo
    /usr/sbin/imapd
    /usr/share/doc/apache2-doc/manual/mod/mod_imap.html
    /usr/share/doc/apache2-doc/manual/mod/mod_imap.html.en
    /usr/share/doc/apache2-doc/manual/mod/mod_imap.html.ko.euc-kr
    /usr/share/doc/apache2-doc/manual/mod/mod_imap.xml.gz
    /usr/share/doc/apache2-doc/manual/mod/mod_imap.xml.ko.gz
    /usr/share/doc/apache2-doc/manual/mod/mod_imap.xml.meta
    /usr/share/doc/HOWTO/en-txt/Qmail-VMailMgr-Courier-imap-HOWTO.gz
    /usr/share/doc/libc-client2002edebian/imaprc.txt.gz
    /usr/share/doc/php4-imap
    /usr/share/doc/uw-imapd
    /usr/share/doc/uw-imapd/bugs.txt.gz
    /usr/share/doc/uw-imapd/buildinfo.gz
    /usr/share/doc/uw-imapd/changelog.Debian.gz
    /usr/share/doc/uw-imapd/copyright
    /usr/share/doc/uw-imapd/NEWS.Debian.gz
    /usr/share/doc/uw-imapd/README.Debian
    /usr/share/doc/uw-imapd/RELNOTES.gz
    /usr/share/doc/uw-imapd-ssl
    /usr/share/doc/uw-imapd-ssl/buildinfo.gz
    /usr/share/doc/uw-imapd-ssl/changelog.Debian.gz
    /usr/share/doc/uw-imapd-ssl/copyright
    /usr/share/doc/uw-imapd-ssl/NEWS.Debian.gz
    /usr/share/doc/uw-imapd-ssl/README.Debian
    /usr/share/doc/uw-imapd/TODO.Debian
    /usr/share/linda/overrides/uw-imapd
    /usr/share/lintian/overrides/php4-imap
    /usr/share/lintian/overrides/uw-imapd
    /usr/share/man/man8/imapd.8C.gz
    /usr/share/webmin/apache/mod_imap.pl
    /var/cache/apt/archives/php4-imap_4%3a4.3.10-16_i386.deb
    /var/cache/apt/archives/uw-imapd-ssl_7%3a2002edebian1-11sarge1_all.deb
    /var/lib/dpkg/info/php4-imap.config
    /var/lib/dpkg/info/php4-imap.list
    /var/lib/dpkg/info/php4-imap.md5sums
    /var/lib/dpkg/info/php4-imap.postinst
    /var/lib/dpkg/info/php4-imap.postrm
    /var/lib/dpkg/info/php4-imap.prerm
    /var/lib/dpkg/info/php4-imap.templates
    /var/lib/dpkg/info/uw-imapd.conffiles
    /var/lib/dpkg/info/uw-imapd.config
    /var/lib/dpkg/info/uw-imapd.list
    /var/lib/dpkg/info/uw-imapd.md5sums
    /var/lib/dpkg/info/uw-imapd.postinst
    /var/lib/dpkg/info/uw-imapd.postrm
    /var/lib/dpkg/info/uw-imapd.preinst
    /var/lib/dpkg/info/uw-imapd-ssl.list
    /var/lib/dpkg/info/uw-imapd-ssl.md5sums
    /var/lib/dpkg/info/uw-imapd.templates
    
    output from: locate ipop
    Code:
    /etc/logcheck/ignore.d.server/ipopd
    /etc/ssl/certs/ipop3d.pem
    /usr/sbin/ipop2d
    /usr/sbin/ipop3d
    /usr/share/doc/ipopd
    /usr/share/doc/ipopd/buildinfo.gz
    /usr/share/doc/ipopd/changelog.Debian.gz
    /usr/share/doc/ipopd/copyright
    /usr/share/doc/ipopd/NEWS.Debian.gz
    /usr/share/doc/ipopd/README.Debian
    /usr/share/doc/ipopd-ssl
    /usr/share/doc/ipopd-ssl/buildinfo.gz
    /usr/share/doc/ipopd-ssl/changelog.Debian.gz
    /usr/share/doc/ipopd-ssl/copyright
    /usr/share/doc/ipopd-ssl/NEWS.Debian.gz
    /usr/share/doc/ipopd-ssl/README.Debian
    /usr/share/linda/overrides/ipopd
    /usr/share/lintian/overrides/ipopd
    /usr/share/man/man8/ipop2d.8C.gz
    /usr/share/man/man8/ipop3d.8C.gz
    /usr/share/man/man8/ipopd.8C.gz
    /var/cache/apt/archives/ipopd_7%3a2002edebian1-11sarge1_i386.deb
    /var/cache/apt/archives/ipopd-ssl_7%3a2002edebian1-11sarge1_all.deb
    /var/lib/dpkg/info/ipopd.conffiles
    /var/lib/dpkg/info/ipopd.config
    /var/lib/dpkg/info/ipopd.list
    /var/lib/dpkg/info/ipopd.md5sums
    /var/lib/dpkg/info/ipopd.postinst
    /var/lib/dpkg/info/ipopd.postrm
    /var/lib/dpkg/info/ipopd.preinst
    /var/lib/dpkg/info/ipopd-ssl.list
    /var/lib/dpkg/info/ipopd-ssl.md5sums
    /var/lib/dpkg/info/ipopd.templates
    
     
    Last edited: Nov 24, 2005
  4. falko

    falko Super Moderator Howtoforge Staff Moderator HowtoForge Supporter ISPConfig Developer

    Hm, I thought there might be a program that allows you to re-create the certificates, but obviously there isn't for imapd and ipop3d. :( For Courier there's such a program...
     
  5. TheMike

    TheMike New Member

    I think I managed it without the help of a tool!

    This example is for Debian 3.1 and worked for me. It is necessary to create your own Certificate Authority (CA) and sign it yourself, or otherwise purchase a "real" X.509 certificate signed by a Certificate Authority (CA).

    Please adjust paths if they are different on your system!

    Code:
    ####################################################
    # Set up a TLS-enabled POP3/IMAP server
    # We need to make crypto keys and certificates.
    # Without them, TLS/SSL will not work.
    ####################################################
    # Create the key:
    openssl genrsa -out ipop3d.pem 1024
    chmod 0400 ipop3d.pem
    cp -v ipop3d.pem /etc/ssl/keys
    ####################################################
    # Create the CSR:
    openssl req -new -key ipop3d.pem -out ipop3d.csr
    mv ipop3d.csr /etc/ssl/csrs
    ####################################################
    # Sign the CSR with the CA certificate and key:
    openssl x509 -req -days 3650 -sha1 -CAcreateserial -in /etc/ssl/csrs/ipop3d.csr -CA /etc/ssl/certs/ca.domain.com.crt -CAkey /etc/ssl/keys/ca.domain.com.key -out ipop3d-cert.pem
    chmod 0400 ipop3*
    # Append the signed certificate to the key file (key first, then certificate):
    cat ipop3d-cert.pem >> ipop3d.pem
    # The same combined file is installed for both daemons:
    cp -v ipop3d.pem /etc/ssl/certs
    cp -v ipop3d.pem /etc/ssl/certs/imapd.pem
    
    Regards,
    TheMike
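
One way to check a combined key-plus-certificate PEM like the one built in the post above before it replaces imapd.pem or ipop3d.pem, as an added example that is not part of the original thread. It repeats the key, CSR and signing steps in a scratch directory with a throwaway CA; the 2048-bit key, SHA-256 digest, CN values and function names are assumptions made here, not values from the post.

```shell
#!/bin/sh
# Added example. Assumptions (not from the thread): 2048-bit RSA, SHA-256,
# 30-day lifetime, the CN values, and scratch paths. Nothing under /etc is touched.

# make_combined_pem DIR CN: throwaway CA, then key -> CSR -> signed cert,
# then DIR/server.pem with the key first and the certificate appended.
make_combined_pem() {
    dir=$1 cn=$2
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 30 \
        -subj "/CN=Example Test CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null || return 1
    openssl genrsa -out "$dir/server.key" 2048 2>/dev/null || return 1
    openssl req -new -key "$dir/server.key" -subj "/CN=$cn" \
        -out "$dir/server.csr" 2>/dev/null || return 1
    openssl x509 -req -days 30 -sha256 -CAcreateserial \
        -in "$dir/server.csr" -CA "$dir/ca.crt" -CAkey "$dir/ca.key" \
        -out "$dir/server.crt" 2>/dev/null || return 1
    # umask 077 so the file holding the private key is never group/world readable.
    (umask 077; cat "$dir/server.key" "$dir/server.crt" > "$dir/server.pem")
}

# check_combined_pem PEM CAFILE
# returns 0 ok, 1 no usable private key, 2 no certificate,
#         3 key and certificate do not belong together, 4 not signed by CAFILE
check_combined_pem() {
    pem=$1 ca=$2
    key_pub=$(openssl pkey -in "$pem" -pubout 2>/dev/null) || return 1
    crt_pub=$(openssl x509 -in "$pem" -noout -pubkey 2>/dev/null) || return 2
    [ "$key_pub" = "$crt_pub" ] || return 3
    openssl x509 -in "$pem" 2>/dev/null |
        openssl verify -CAfile "$ca" >/dev/null 2>&1 || return 4
    return 0
}

# Demo on constructed material in a scratch directory.
scratch=$(mktemp -d)
status=0
make_combined_pem "$scratch" mail.example.test &&
    check_combined_pem "$scratch/server.pem" "$scratch/ca.crt" || status=$?
echo "check_combined_pem exit status: $status"
rm -rf "$scratch"
```

A non-zero status from `check_combined_pem` identifies which part of the combined file is wrong, which narrows down a failure before the daemon is involved.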
     
  6. falko

    falko Super Moderator Howtoforge Staff Moderator HowtoForge Supporter ISPConfig Developer

    Thanks for the tip! :)
     
  7. themachine

    themachine New Member HowtoForge Supporter ISPConfig Developer

  8. meldron

    meldron New Member

    I followed this guide step by step, but I don't get a working certificate. Something changed in the last year?
     
  9. falko

    falko Super Moderator Howtoforge Staff Moderator HowtoForge Supporter ISPConfig Developer

    Do you use Debian Sarge?
     
  10. meldron

    meldron New Member

    Yes, Debian Sarge 3.1

    I was able to create a new one with the /var/lib/dpkg/info/ipopd.postinst. But with a manually created certificate I always get an authentication failure.
     
  11. falko

    falko Super Moderator Howtoforge Staff Moderator HowtoForge Supporter ISPConfig Developer

    What exactly do you do when manually creating a cert?
     
