I'm having trouble making certificates that work with courier. I used openssl to create a self-signed Certificate Authority certificate. Then I created a new certificate request and private key. Then I used my CA to sign the certificate request. Everything went fine and I can import the CA and the signed cert into Konqueror with no troubles. "openssl x509 -text" shows it as a perfectly valid certificate, properly signed, etc. But if I try and use it as imapd.pem courier refuses to accept any encrypted connections and I get "TLS start error" in kmail whenever I try and use STARTTLS.
I looked at the self-signed certificates that courier generates itself (as well as the ones created by the "mkimapdcert" command) and they contain a RSA PRIVATE KEY section at the top and a DH PARAMETERS section at the bottom. I looked at the mkimapdcert script and it uses "openssl req" to create a certificate and self-sign it at the same time. It also uses the "-keyout" switch to store the private key in the ".pem" file. Then it uses "openssl gendh" to append the DH parameters. I used "openssl x509" and "openssl ca" to sign the certificate request and neither of them seem to have an option to stick the private key in their as well. I tried copying the private key that I created when I made the certificate request to the top of the pem file that was created by signed it and I ran the gendh command and appended it to the bottom of the cert I created but still courier isn't happy. I've made sure that all the permissions on the cert I created match those of the certs courier creates (courier.root 600). How do you sign a certificate and install it so courier likes it? I know very little about certificates and am just following the openssl man pages. Jeff Jansen ------------------------------------------------------- This SF.net email is sponsored by: Etnus, makers of TotalView, The best thread debugger on the planet. Designed with thread debugging features you've never dreamed of, try TotalView 6 free at www.etnus.com. _______________________________________________ courier-users mailing list [EMAIL PROTECTED] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
