Hi Peter,
You need to tell your users to delete the pop/imap account completely
(not editing it) and register again just from the very beginning and
they need to be connected to the wifi so the trust certificate shows the
"trust option" to check it (in details) and finish their register. That
can happen when you change the actual certificate or it has expired, I
use my self-signed-certificates and set the expiry time at 10 years
forward. When signing you need to use the option -extensions v3_ca as
follows:
openssl req -x509 -nodes -days 4825 -newkey rsa:2048 -keyout server1.key
-out server1.crt -extensions v3_ca
cat server.crt server.key > servercert.pem
cp servercert.pem /var/qmail/control/servercert.pem
chmod 640 /var/qmail/control/servercert.pem
chown root.vchkpw /var/qmail/control/servercert.pem
openssl pkcs12 -export -out mail4.pfx -inkey server.key -in server.crt
When you use that option (extensions) apple/microsoft products can give
you an option to trust your certificate.
Greetings!
El 22/08/2020 a las 04:28 a. m., Peter Peltonen escribió:
I have an old COS5 qmailtoaster
Since yesterday Apple devices using its Mail program have been
receiving messages about certificate being not valid. Its a wildcard
certificate that is being used elsewhere as well so it should be valid
(it has not been expired).
All other devices / clients seem to work also.
As COS5 openssl uses TLSv1 I started wondering if Apple has deprecated
it from its Mail clients...?
I do have this fix enabled:
https://www.qmailtoaster.org/newopensslcnt50.html
But I assume it does not affect Dovecot which is still using the old
OpenSSL, right?
So my only option really is to upgrade... Should have done it ages ago
of course. Just wondering if some quick fix came to somebody's mind so
I could buy some time to do the upgrade with a little more
preparation?
Best,
Peter
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
