Here's my procedure. It works every time. Take special note of #5 below.
# 1. Create the key (below). For other than a self-signed cert. use
options other than 1c.
1a ) openssl genrsa -out x.key 2048
1b) openssl req -new -key x.key -out x.csr
1c) openssl x509 -req -days 3650 -in x.csr -signkey x.key -out x.crt
1d) cat x.crt x.key mailkey.crt
# 2. Copy the key (mailkey.crt) to /var/qmail/control/servercert.pem
# 3. Restart Qmail
# 4. Import the key to trusted root server in Internet Explorer
# 5. Make sure the name of the server (CN) when creating the
certificate, whether FQDN
#or IP address, is used in the server information incoming and
outgoing fields
#of the mail client.
# 6. Restart the mail client
On 2/1/2014 9:26 AM, Richard Baxant wrote:
Yes I followed the first part. It gave me the information to cat the
files to create the pem. The rest is self-signed certs and I do not
want that part.
On Sat, Feb 1, 2014 at 10:52 AM, Eric Shubert e...@shubes.net
mailto:e...@shubes.net wrote:
On 02/01/2014 08:09 AM, Richard Baxant wrote:
Has anyone got this to work in qmailtoaster with this brand of
SSL at
2048 encryption?
I can see that qmail has the clientcert.pem - servercert.pem.
I looked
at the internals of the file to see the order of the keys. I
cannot
figure out other than the test cert is 1024 encryption and
mine is 2048.
Comodo gives 2 files after you provide the server.csr:
domain_com.ca-bundle domain_com.crt
I have tried variations of cat Using the myserver.key on the
files to
create the pem file, restarting qmail after each change and
I get a
failure each time in Thunderbird for STARTTLS with a no
authentication.
Anyone have some insight as to where i am going wrong?
The orignal test cert that comes with the qmailtoaster works
with an
obvious warning due the information provided does not match my
server
I am also aware that I can create a self-signed cert but that
is not
what i am trying to accomplish
Thanks in advance
ricbax
Is this helpful?:
http://wiki.qmailtoaster.com/index.php/Certificate
--
-Eric 'shubes'
-
To unsubscribe, e-mail:
qmailtoaster-list-unsubscr...@qmailtoaster.com
mailto:qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail:
qmailtoaster-list-h...@qmailtoaster.com
mailto:qmailtoaster-list-h...@qmailtoaster.com