On Wed, 2004-06-23 at 13:51, Tony Ransom wrote:
> I've been trying for a couple of days to produce a self signed
> certificate for Dovecot. (I never had any problem with UW-imap)
>
> Using the provided mkcert.sh, I found the following problems:
>
> 1. The SSLDIR variable was incorrect. Got the error message -
>
> /etc/ssl/certs directory doesn't exist
> /etc/ssl/private directory doesn't exist.
>
> I changed this to point to /usr/share/ssl

Yep.

> 2. When I ran the script again, it complained:
>
> /usr/share/ssl/certs/imapd.pem already exists, won't overwrite. Why
> imapd.pem, when there is a dovecot.pem file?
>
> 3. I commented out the checks in the script file that look for
> existing dovecot.pem files. It ran further this time. I got:
>
> Generating a 1024 bit RSA private key
> .......................................++++++
> .........++++++
> writing new private key to '/usr/share/ssl/private/imapd.pem'
> -----
>
> subject= /OU=IMAP POP
> server/CN=server.aeran.info/emailAddress=admin@xxxxxxxxxx
> MD5 Fingerprint=4A:6C:7C:9F:E7:BD:38:04:3F:81:1D:69:DE:17:9B:DA
>
> Note it wrote 'imapd.pem' not 'dovecot.pem' as I would have expected.
>
> It didn't write dovecot.pem into /usr/share/ssl/certs
>
> Dovecot won't start if the .pem files are not correct. You get:
>
> Jun 23 21:39:39 server imap-login: Can't load private key file
> /usr/share/ssl/private/dovecot.pem: error:0B080074:x509 certificate
> routines:X509_check_private_key:key values mismatch
>
> What is going on here??
>
> Why two certificates? Should they be imapd.pem or dovecot.pem?
>
> I've done a lot of googling, and looking in the dovecot lists, trying
> to find an answer. No luck.
>
> Could someone please look into this?

I also had to modify the following in my mkcert.sh:

CERTFILE=$SSLDIR/certs/dovecot.pem
KEYFILE=$SSLDIR/private/dovecot.pem

-- 
David Keen
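
The "key values mismatch" error in the quoted log means the certificate file and the private key file do not belong to the same key pair. As an added example (not part of the original thread or of Dovecot's mkcert.sh), this sketch writes both files in one openssl run and checks that a pair matches before the server is started; the function names, temp-directory layout, CN and 2048-bit key size are assumptions.

```sh
#!/bin/sh
# Added example, not the project's mkcert.sh. Function names, the CN and
# the 2048-bit key size are assumptions made for illustration.

# make_selfsigned CERTFILE KEYFILE CN
# One openssl run writes both files, so they always form one key pair.
make_selfsigned() {
    openssl req -new -x509 -nodes -newkey rsa:2048 -days 365 \
        -subj "/OU=IMAP server/CN=$3" \
        -out "$1" -keyout "$2" 2>/dev/null &&
    chmod 0600 "$2"
}

# pair_matches CERTFILE KEYFILE
# Returns 0 only if the certificate's public key equals the public half of
# the private key; 1 on mismatch; 2 if either file cannot be read.
pair_matches() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Constructed demo in a throwaway directory: a fresh pair, then a key
# regenerated beside an older certificate, the kind of split pair that
# produces "key values mismatch" at load time.
demo() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/certs" "$d/private"
    make_selfsigned "$d/certs/dovecot.pem" "$d/private/dovecot.pem" server.example.test
    pair_matches "$d/certs/dovecot.pem" "$d/private/dovecot.pem" &&
        echo "fresh pair: match"
    # Second run overwrites the key but writes its certificate elsewhere.
    make_selfsigned "$d/certs/imapd.pem" "$d/private/dovecot.pem" server.example.test
    pair_matches "$d/certs/dovecot.pem" "$d/private/dovecot.pem" ||
        echo "old certificate + new key: mismatch"
    rm -rf "$d"
}
demo
```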