Outlook seeing self signed ssl certificate

Discussion in 'General' started by thebeard, Aug 4, 2017.

  1. thebeard

    thebeard New Member

    Hi,
    I am getting a security warning "The server you are connected to is using a security certificate that cannot be verified."
    i have a ssl certificate for mydomain.com with ssl.com. https:// mydomain.com works great in the browser. Just when I
    check email with outloook it doesn't work. Outlook is seeing server1.mydomain.com. which is the self signed certificate.
    I thought this might be the problem so I bought a certificate for server1.mydomain.com and replaced the postfix cert and key
    with that certificate. Still pulls up the self signed certificate. I then replaced the ispconfig/interface/ssl cert and key and it still
    pulls up the self signed cert when checking email with outlook. Is there another location? What am I missing?

    Thanks,
    Greg
     
  2. loonatik

    loonatik New Member HowtoForge Supporter

    in /etc/dovecot/dovecot.conf
    Look for these below and point them to the correct certs:
    ssl_cert = </etc/postfix/smtpd.cert
    ssl_key = </etc/postfix/smtpd.key
     
  3. thebeard

    thebeard New Member

    the dovecot.conf points to the right certs.
    I suspect the problem may be when I replaced the /usr/local/ispconfig/interface/ssl certs.
    I created a new csr from my /etc/postfix/smtpd.key uploaded the csr to ssl.com. received the domain.crt and ca-bundle.crt
    I combined those 2 together into a new crt file. replaced the smtpd.cert with the new crt file. restarted postfix.
    Then replaced /usr/local/ispconfig/interface/ssl/ispconfig.crt data with the new smtpd.crt and copied the smtpd.key to ispconfig.key.
    I noticed there are alot more files in the /usr/local/ispconfig/interface/ssl folder.
    example: ispconfig.pem , startssl.ca.crt , startssl.chain.class1.server.crt , startssl.sub.class1.server.ca.crt
    I didn't know what to do with those. I only received 2 files from ssl.com. domain.crt and ca-bundle.crt
    What do you think?

    Greg
     
  4. thebeard

    thebeard New Member

    Ok. Got it fixed.
    I combined the domain.key, domain.crt, ca-bundle.crt into one file in that order.
    Renamed it to ispserver.pem restarted dovecot service and it works. Outlook security message is gone.

    Thanks for the help.
     

Share This Page