|
I've been trying for a couple
of days to produce a self signed certificate for Dovecot. (I never had
any problem with UW-imap) Using the provided mkcert.sh, I found the following problems: 1. The SSLDIR variable was incorrect. Got the error message - /etc/ssl/certs directory doesn't exist /etc/ssl/private directory doesn't exist. I changed this to point to /usr/share/ssl 2. When I ran again ran the script, it complained: /usr/share/ssl/certs/imapd.pem already exists, won't overwrite. Why imapd.pem, when there is a dovecot.pem file? 3. I commented out the checks in the script file that look for existing dovecot.pem files. It ran further this time. I got: Generating a 1024 bit RSA private key .......................................++++++ .........++++++ writing new private key to '/usr/share/ssl/private/imapd.pem' ----- subject= /OU=IMAP POP server/CN=server.aeran.info/emailAddress=admin@xxxxxxxxxx MD5 Fingerprint=4A:6C:7C:9F:E7:BD:38:04:3F:81:1D:69:DE:17:9B:DA Note it wrote 'imapd.pem' not 'dovecot.pem' as I would have expected. It didn't write dovecot.pem into /usr/share/ssl/certs Dovecot won't start if the .pem files are not correct. You get: Jun 23 21:39:39 server imap-login: Can't load private key file /usr/share/ssl/private/dovecot.pem: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch What is going on here?? Why two certificates? Should they be imapd.pem or dovecot.pem? I've done a lot of googling, and looking in the dovecot lists, trying to find an answer. No luck. Could someone please look into this? |
