On Wednesday 11 June 2003 23:41, "Paeddy" <[EMAIL PROTECTED]>
wrote:

> I also remarked that the imap-ssl doesn't start
> automatically when I make a /etc/rc3.d/S99courier start
> but when I'm doing a stop it stops it. Are there some
> special things I should know about starting up imapssl
> automatically?

The /etc/rc.d/init.d/courier script will try to "stop" the
imap-ssl process if the file
/usr/lib/courier/sbin/imap-ssl exists (which it will if
courier could find openssl when it compiled). But courier
will only start imapd-ssl if you have enabled it in the
configuration file. Go into the /etc/courier/imapd-ssl
file and look for the line that says IMAPDSSLSTART. Make
it say "IMAPDSSLSTART=YES". You might also want to enable
"IMAPDSTARTTLS=YES" as well.

> Is there a way to sign this key by myself? Like I can do
> it with the key I use for OpenSSL?

Sure. Courier creates some self-signed certificates if they
don't already exist, but you can create your own
certificates and use them instead. There are three
certificates: imapd.pem, esmtpd.pem, pop3d.pem and they all
live in /usr/lib/courier/share. If you replace them with
your own certificates then courier will use those instead.
I created my own and then symlinked those three files to
the actual certificate. That works fine. Make sure you
get the permissions right though. Check out the
permissions and ownership on the ones that courier creates
before you remove them.

There are also three scripts in the share directory:
mkimapdcert, mkesmtpdcert, and mkpop3dcert that can be used
to make your own self-signed certificates. The mkimapdcert
pulls in values from the /etc/courier/imapd.cnf file. The
others use the appropriately named config file in
/etc/courier/. Edit the values in those cnf files and then
run the scripts and it will create self-signed scripts with
your own info. in them.

You can use openssl to create your own CA if you want and
then sign your own certs or you can create a csr and pay
big bucks to get it signed. For our local network I created
a CA and imported that into everyone's system. Then I used
the CA to sign the courier certs and now Outlook doesn't
complain anymore.

The certificate file needs both the certificate and key in
it. I got "caught" because my key was encrypted and so
none of the ssl connections worked even though I had a key
and certificate in the .pem file. I ended up having to run
my private key back through "openssl rsa" and then add it
to the signed certificate file ("cat courierkey.pem >>
couriercert.pem"). After that everything worked fine.

Jeff Jansen
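
The failure described above (a .pem file that holds a certificate and a key, but the key is still passphrase-protected) can be caught before restarting the daemons. The following is an added example, not part of the original post and not Courier's own code; the function names, the return codes and the world-readable rule are assumptions of this example.

```shell
#!/bin/sh
# Structural check of a combined Courier certificate file (added example).
# Return codes are this example's own convention:
#   0 ok, 1 no certificate, 2 no private key, 3 key still encrypted,
#   4 world-readable, 5 file missing or unreadable
check_courier_pem() {
    pem=$1
    [ -r "$pem" ] || { echo "$pem: missing or unreadable" >&2; return 5; }
    grep -q -e '^-----BEGIN CERTIFICATE-----' "$pem" ||
        { echo "$pem: no certificate block" >&2; return 1; }
    grep -Eq -e '^-----BEGIN ([A-Z]+ )*PRIVATE KEY-----' "$pem" ||
        { echo "$pem: no private key block" >&2; return 2; }
    # A passphrase-protected key appears either as a PKCS#8
    # "ENCRYPTED PRIVATE KEY" block or as a traditional key that carries
    # a "Proc-Type: 4,ENCRYPTED" header line.
    if grep -Eq -e '^-----BEGIN ENCRYPTED PRIVATE KEY-----' \
                -e '^Proc-Type: 4,ENCRYPTED' "$pem"; then
        echo "$pem: private key is encrypted; strip the passphrase first" >&2
        return 3
    fi
    # Assumption: an unencrypted key must not be world-readable.
    # -L follows symlinks, since the files may be symlinked to the real cert.
    if [ -n "$(find -L "$pem" -prune -perm -004)" ]; then
        echo "$pem: world-readable" >&2; return 4
    fi
    return 0
}

# Constructed sample: labels and headers are real PEM syntax, the base64
# bodies are placeholders and not valid key material.
demo_encrypted_bundle() {
    dir=$(mktemp -d) || return 5
    cat > "$dir/imapd.pem" <<'EOF'
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQgUExBQ0VIT0xERVI=
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,0000000000000000

Q09OU1RSVUNURUQgUExBQ0VIT0xERVI=
-----END RSA PRIVATE KEY-----
EOF
    chmod 600 "$dir/imapd.pem"
    check_courier_pem "$dir/imapd.pem"; rc=$?
    rm -rf "$dir"; return $rc
}
for f in "$@"; do check_courier_pem "$f" && echo "$f: ok"; done
```

The check is purely structural: it does not confirm that the key belongs to the certificate or that the certificate chains to your CA.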