Wednesday, September 24, 2014

Create a new certificate for Courier (pop3d and imapd), Dovecot and Postfix

If you find these types of errors in your maillog:

courier-imaps: couriertls: read: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca

or

courier-imaps: couriertls: /usr/share/imapd.pem: error:0906D06C:PEM routines:PEM_read_bio:no start line


You probably need to create a new certificate. Let's go:

Make a backup of your old certificates. To find out where they are, look in the Courier, Dovecot and Postfix configuration files (/etc/courier-imap/imap-ssl and /etc/courier-pop3d-ssl, /etc/postfix/main.cf and /etc/dovecot/dovecot.conf):


mkdir certbackup
cp /usr/share/pop3d.pem certbackup
cp /usr/share/imapd.pem certbackup

cp /etc/postfix/postfix_default.pem certbackup
cp /etc/dovecot/private/ssl-cert-and-key.pem certbackup

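Now create a private key and a certificate. It is important to answer the 'Common Name' prompt. Because of -x509, the file written by -out (cert.csr here) is the self-signed certificate itself, not a signing request, despite its name.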


openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout cert.key -out cert.csr
...
Common Name (eg, your name or your server's hostname) []:www.domain.com
...
cat cert.key cert.csr > /usr/share/pop3d.pem
cat cert.key cert.csr > /usr/share/imapd.pem

cat cert.key cert.csr > /etc/postfix/postfix_default.pem
cat cert.key cert.csr > /etc/dovecot/private/ssl-cert-and-key.pem


Restart courier, dovecot and postfix.
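
Each rewritten file can be checked for the condition behind the "no start line" error before the daemons read it. The script below is an added example, not part of the original post; the function name check_pem and its status words are made up for illustration. It reports whether a file holds an unencrypted private key and a certificate, whether the two belong together, whether the certificate has expired, and whether the file (which contains the private key) is world-readable.

```shell
#!/bin/sh
# Added example, not from the original post.
# Usage: sh check_pem.sh /usr/share/pop3d.pem /usr/share/imapd.pem \
#   /etc/postfix/postfix_default.pem /etc/dovecot/private/ssl-cert-and-key.pem

# check_pem FILE: print one status word; return 0 only for OK.
check_pem() {
    f=$1
    if [ ! -r "$f" ]; then echo MISSING; return 1; fi

    # "PEM_read_bio:no start line" means an expected BEGIN line is absent.
    # Only unencrypted keys are accepted (the post generates one with -nodes).
    if ! grep -Eq '^-----BEGIN (RSA |EC )?PRIVATE KEY-----' "$f"; then
        echo NO_KEY; return 1
    fi
    if ! grep -q '^-----BEGIN CERTIFICATE-----' "$f"; then
        echo NO_CERT; return 1
    fi

    # The key and the certificate must carry the same public key.
    kpub=$(openssl pkey -in "$f" -pubout 2>/dev/null)
    cpub=$(openssl x509 -in "$f" -noout -pubkey 2>/dev/null)
    if [ -z "$kpub" ] || [ "$kpub" != "$cpub" ]; then
        echo MISMATCH; return 1
    fi

    # Is the certificate already past its notAfter date?
    if ! openssl x509 -in "$f" -noout -checkend 0 >/dev/null 2>&1; then
        echo EXPIRED; return 1
    fi

    # The file holds the private key, so it must not be world-readable.
    if [ -n "$(find -L "$f" -perm -004 2>/dev/null)" ]; then
        echo WORLD_READABLE; return 1
    fi
    echo OK
}

# Check every file named on the command line.
for f in "$@"; do
    printf '%s: %s\n' "$f" "$(check_pem "$f")"
done
```

A WORLD_READABLE result is fixed by tightening the file mode (for example chmod 600) while keeping the file readable by the user the daemon runs as.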