DevHeads.net

Fwd: Re: TLS certificate

Forgot to CC it.

On Fri, 6 Feb 2009 15:58:29 +0100, Patrick Ben Koetter <p@state-of-mind.de>
wrote:


I, when I try with Thunderbird from another location.

Regards,

/Tolga

Comments

Re: Fwd: Re: TLS certificate

By Victor Duchovni at 03/18/2009 - 22:36

Well, it is Thunderbird that needs to extend its list of trusted
CAs not Postfix. No amount of tweaking the Postfix server will
make Thunderbird trust your locally-minted CA.

Re: Fwd: Re: TLS certificate

By Tolga at 03/18/2009 - 22:37

On Fri, 6 Feb 2009 12:15:26 -0500, Victor Duchovni

You were right, I had to tweak Dovecot to offer the right certificate.

Regards,

/Tolga

Re: Fwd: Re: TLS certificate

By Tolga at 03/18/2009 - 22:37

Victor Duchovni wrote:

Hello,

I imported publiccert.pem into Thunderbird and it's working now. However,
I'd still like to know why Postfix has trouble offering the right
certificate.

Below is my postconf -n:
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
config_directory = /etc/postfix
inet_interfaces = all
mailbox_size_limit = 0
mydestination = ozses.net, kunduz.org, localhost.net, localhost
myhostname = ozses.net
mynetworks = 127.0.0.0/8 192.168.0.0/16 [::ffff:127.0.0.0]/104 [::1]/128
myorigin = /etc/mailname
readme_directory = no
recipient_delimiter = +
relayhost =
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
smtpd_client_restrictions = permit_mynetworks,
    permit_sasl_authenticated, reject_unauth_destination,
    reject_unknown_reverse_client_hostname,
    reject_unauth_pipelining, reject_non_fqdn_recipient,
    reject_rbl_client zen.spamhaus.org
smtpd_tls_CAfile = /etc/ssl/certs/cacert.pem
smtpd_tls_cert_file = /etc/ssl/certs/publiccert.pem
smtpd_tls_key_file = /etc/ssl/private/privatekey.pem
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes

tolga@ozses:~$ cat /etc/ssl/certs/publiccert.pem

...
...
...
Issuer: C=TR, ST=Marmara, O=ozses.net, OU=ozses.net,
CN=mail.ozses.net/emailAddress= ... at ozses dot net
Validity
Not Before: Feb 5 14:33:51 2009 GMT
Not After : Feb 4 14:33:51 2014 GMT
OU=ozses.net, CN=mail.ozses.net/emailAddress= ... at ozses dot net
...
...
...

Postfix is still offering the certificate whose screenshot is at http://people.sabanciuniv.edu/mtozses/cert.png (sorry, I can't attach it)

Regards,

/Tolga
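
Added example, not part of the thread and not code from any poster: a Python check that fetches the certificate each mail service actually presents (SMTP after STARTTLS, IMAP after STARTTLS) and compares it with the file named in smtpd_tls_cert_file, which makes a mismatch such as the Dovecot one reported in this thread visible. The function names and the ports 25 and 143 are assumptions.

```python
import hashlib
import imaplib
import smtplib
import ssl
import sys

BEGIN, END = "-----BEGIN CERTIFICATE-----", "-----END CERTIFICATE-----"

def pem_to_der(text):
    # Skip any "openssl x509 -text" dump that precedes the PEM block in the file.
    pem = text[text.index(BEGIN):text.index(END) + len(END)]
    return ssl.PEM_cert_to_DER_cert(pem)

def fingerprint(der):
    # SHA-256 over the DER bytes identifies the exact certificate.
    return hashlib.sha256(der).hexdigest().upper()

def inspect_context():
    # Verification is off only so a self-signed or private-CA certificate can be
    # fetched for inspection; do not reuse this context to deliver mail.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    return ctx

def smtp_cert(host, port=25):  # port is an assumption
    with smtplib.SMTP(host, port, timeout=10) as s:
        s.starttls(context=inspect_context())
        return s.sock.getpeercert(binary_form=True)

def imap_cert(host, port=143):  # port is an assumption
    with imaplib.IMAP4(host, port) as m:
        m.starttls(ssl_context=inspect_context())
        return m.sock.getpeercert(binary_form=True)

def compare(configured_der, offered):
    # Map each service name to True when it presents the configured certificate.
    want = fingerprint(configured_der)
    return {name: fingerprint(der) == want for name, der in offered.items()}

if __name__ == "__main__" and len(sys.argv) == 3:
    # Usage: python3 check.py HOST /path/to/cert.pem
    host, path = sys.argv[1], sys.argv[2]
    with open(path) as f:
        configured = pem_to_der(f.read())
    offered = {"smtp": smtp_cert(host), "imap": imap_cert(host)}
    for name, same in compare(configured, offered).items():
        print(name, "offers the configured certificate" if same else "offers a DIFFERENT certificate")
```

A service reported as different is the one whose own TLS settings need attention; the mail client must still trust the issuing CA separately.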