On 20 December 2018 at 12:50 Stavros Tsolakos < [email protected]> wrote:
On 20/12/2018 12:37, Marc Roos wrote:
You have to create your own ca, and then create the certificate. I doubtif you will be able to find companies like DigiCert or Comodo to dothis.
If you want, I can try sign it with our own 'internal' CA. The onlything you have to do is of course adding our CA to your ca bundle butthat is very easy in CentOS7
Thank you, Marc.
We created our own CA and certificates just fine. The problem is thatSSL does not seem to like them giving the error I mentioned in theprevious message:
dovecot: imap-login: Error: SSL: Stacked error: error:04075070:rsaroutines:RSA_sign:digest too big for rsa key
What would an SSL+Dovecot expert do if this error was encountered? A1024 bit key works just fine but we have to stick to 256.
You need to use a weak TLS algorithm. 256 bit rsa key can contain less than 32 bytes of data so you need to use sha1 based tls algorithm.
---
Aki Tuomi
Aki Tuomi
