-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Mark Constable wrote: | So we are talking about this certificate I guess... | https://certificates.starfieldtech.com/repository/sf_issuing.crt | and my courierd (0.47-3) already has this reference | /etc/courierd:TLS_TRUSTCERTS=/usr/lib/courier/rootcerts | so I copied the above line to imapd-ssl and the sf_issuing.crt | file to the referred directory and restarted courier. No go. | The other certs have some different format prepended (I presume) | and are called *.pem and I think I need to use "c_rehash" ? | | Would you mind outlining a couple of extra steps please ?
Dear Mark,
The basic steps are to convert the certificate to PEM format and then to run c_rehash in that directory to create the hash of the certificate for openssl to use. So assuming that you have saved the sf_issuing.crt file to /usr/lib/courier/rootcerts then you would run
openssl x509 -in /usr/lib/courier/rootcerts/sf_issuing.crt -out \ ~ /usr/lib/courier/rootcerts/sf_issuing.pem -outform pem
c_rehash /usr/lib/courier/rootcerts
That's it. I'm not even sure the first step is necessary since the sf_issuing.crt file looks like it's already in PEM format. You may just be able to change the name to 'sf_issuing.pem'. But it can't hurt to convert it anyway.
All the certs in the courier rootcert directory have the text of the cert included in the PEM file. I assume that's just to make it human readable since I think the programs ignore everything except the BEGIN..END blocks, but I could be wrong. If you want to include the text as well you can add '-text' to that first openssl command and it will include the text of the cert as well.
Try that and see if it works. I'm strictly an openssl user; I don't understand the "deeper magic" going on there. :-)
Jeff Jansen -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.5 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFCF1gjZxtYeNk78A8RAqxTAKC4Llb7wGGm+48x9eMe/qVrumYCPQCg0Jx9 SHOrR2ZrVbGP39WW/ukVyFs= =07gX -----END PGP SIGNATURE-----
------------------------------------------------------- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click _______________________________________________ courier-users mailing list [email protected] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
