Here's my procedure. It works every time. Take special note of #5 below.

# 1. Create the key (below). For other than a self-signed cert. use options other than 1c.
    1a) openssl genrsa -out x.key 2048
    1b) openssl req -new -key x.key -out x.csr
    1c) openssl x509 -req -days 3650 -in x.csr -signkey x.key -out x.crt
    1d) cat x.crt x.key > mailkey.crt
# 2. Copy the key (mailkey.crt) to /var/qmail/control/servercert.pem
# 3. Restart Qmail
# 4. Import the key to trusted root server in Internet Explorer
# 5. Make sure the name of the server (CN) when creating the certificate, whether FQDN
#    or IP address, is used in the server information incoming and outgoing fields
#    of the mail client.
# 6. Restart the mail client

On 2/1/2014 9:26 AM, Richard Baxant wrote:
> Yes I followed the first part. It gave me the information to cat the
> files to create the pem. The rest is self-signed certs and I do not
> want that part.
>
> On Sat, Feb 1, 2014 at 10:52 AM, Eric Shubert <e...@shubes.net> wrote:
>
> > On 02/01/2014 08:09 AM, Richard Baxant wrote:
> >
> > > Has anyone got this to work in qmailtoaster with this brand of
> > > SSL at 2048 encryption?
> > >
> > > I can see that qmail has the clientcert.pem -> servercert.pem.
> > > I looked at the internals of the file to see the order of the keys.
> > > I cannot figure out other than the test cert is 1024 encryption and
> > > mine is 2048.
> > >
> > > Comodo gives 2 files after you provide the server.csr:
> > > domain_com.ca-bundle & domain_com.crt
> > >
> > > I have tried variations of "cat" Using the myserver.key on the
> > > files to create the "pem" file, restarting qmail after each change
> > > and I get a failure each time in Thunderbird for STARTTLS with a no
> > > authentication.
> > >
> > > Anyone have some insight as to where I am going wrong?
> > >
> > > The original test cert that comes with the qmailtoaster works
> > > with an obvious warning due the information provided does not
> > > match my server
> > >
> > > I am also aware that I can create a self-signed cert but that
> > > is not what I am trying to accomplish
> > >
> > > Thanks in advance
> > >
> > > ricbax
> >
> > Is this helpful?:
> > http://wiki.qmailtoaster.com/index.php/Certificate
> >
> > --
> > -Eric 'shubes'
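
Added example, not part of the original message: a shell sketch that checks the combined file from step 1d before it is copied to servercert.pem, covering the block order, that the private key belongs to the certificate, and the CN from step 5. The function names and the host name mail.example.test are assumptions made for illustration, and the openssl command-line tool must be installed.

```shell
#!/bin/sh
# Added example: sanity checks for a combined cert+key PEM such as the
# mailkey.crt built in step 1d. All function names are hypothetical.
# Usage (after sourcing): check_servercert mailkey.crt mail.example.test

# Print the label of every PEM block in file order, e.g. "CERTIFICATE" then
# "RSA PRIVATE KEY" (newer OpenSSL releases write "PRIVATE KEY" instead).
pem_layout() {
    sed -n 's/^-----BEGIN \(.*\)-----$/\1/p' "$1"
}

# Succeed only if the file starts with a certificate and holds exactly one
# private key, which is the layout "cat x.crt x.key" produces.
pem_layout_ok() {
    layout=$(pem_layout "$1")
    [ "$(printf '%s\n' "$layout" | head -n 1)" = "CERTIFICATE" ] || return 1
    [ "$(printf '%s\n' "$layout" | grep -c 'PRIVATE KEY$')" -eq 1 ]
}

# Succeed only if the private key in the file belongs to the first certificate
# (both commands print the same public key when they match).
pem_key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$1" -pubout) || return 1
    [ "$cert_pub" = "$key_pub" ]
}

# Print the subject CN of the first certificate. Per step 5, this is the name
# the mail client must use in its incoming and outgoing server fields.
pem_cn() {
    openssl x509 -in "$1" -noout -subject -nameopt multiline |
        sed -n 's/^ *commonName *= //p'
}

# check_servercert FILE NAME: run all checks and report the first failure.
check_servercert() {
    pem_layout_ok "$1" || { echo "unexpected block order in $1"; return 1; }
    pem_key_matches_cert "$1" || { echo "key does not match cert"; return 1; }
    [ "$(pem_cn "$1")" = "$2" ] || { echo "CN is '$(pem_cn "$1")', not '$2'"; return 1; }
    echo "ok: $1 is usable for $2"
}
```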