On Thu, Sep 22, 2005 at 12:14:16PM -0400, Reuben Budiardja wrote:
> Hello,
> I have two (personal) mail servers both running dovecot. I only allow
> imaps service for better security. Both using just the default
> certificates.
>
> I am wondering how do I create my own self-signed certificate that works
> with dovecot? I tried searching the web but I've not found what I need
> yet. I've tried running "make dovecot.pem" in /usr/share/ssl/certs, but
> after creating a new dovecot.pem, I got:
>
> imap-login: Can't load private key file /usr/share/ssl/private/dovecot.pem: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch
> Sep 22 12:14:35 pathfinder last message repeated 2 times
> Sep 22 12:14:35 pathfinder dovecot: Login process died too early - shutting down
> Sep 22 12:14:35 pathfinder dovecot: child 22839 (login) returned error 89
>
> Any help?
>
> One of the reasons I want to create a new self-signed certificate is that
> thunderbird complained that my certificate serial number is not unique,
> when it tries to access my other mail server (also running dovecot with
> imaps). I don't know why thunderbird does that while kmail works just
> fine with the two mail servers.
>
> Thanks for any info or pointer.
>
> Reuben D. Budiardja

In FC4 you create the dovecot cert by first configuring:
/etc/pki/dovecot/dovecot-openssl.cnf
and then running mkcert.sh in:
/usr/share/doc/dovecot-0.99.14/examples/mkcert.sh
The certificate shows up in /etc/pki/dovecot

--
=======================================================================
"I'll rob that rich person and give it to some poor deserving slob.
That will *prove* I'm Robin Hood."
-- Daffy Duck, "Robin Hood Daffy", [1958, Chuck Jones]
-------------------------------------------
Aaron Konstam
Computer Science
Trinity University
telephone: (210)-999-7484
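
The "key values mismatch" error in the quoted log comes from X509_check_private_key, which fails when the certificate and the private key being loaded are not a pair. As an added example (not part of either message and not the mkcert.sh script mentioned in the reply), the functions below generate a self-signed pair with a random serial number and check whether a given key and certificate belong together; the directories and host names passed to them are placeholders chosen by the caller.

```shell
#!/bin/sh
# Added example. The directories and host names passed in are constructed
# placeholders, not the paths from the thread.

# make_selfsigned DIR HOST: write DIR/key.pem and DIR/cert.pem as one pair.
make_selfsigned() {
    (
        umask 077   # files created here are readable by the owner only
        # A random serial keeps certificates made for different servers distinct.
        serial="0x$(openssl rand -hex 8)"
        openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
            -set_serial "$serial" -subj "/CN=$2" \
            -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null
    )
}

# key_matches_cert KEY CERT: 0 if the certificate carries the public half of
# the private key, 1 if it does not, 2 if either file cannot be parsed.
key_matches_cert() {
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
    cert_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ "$key_pub" = "$cert_pub" ]
}

# cert_serial CERT: print the certificate serial, e.g. "serial=1A2B...".
cert_serial() {
    openssl x509 -in "$1" -noout -serial
}
```

Running key_matches_cert against the certificate file and the key file the server is configured to load, before restarting it, shows whether a regenerated certificate has been left alongside an older key.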