I installed Debian 3.1 on a machine according to your Perfect Setup HOWTO! Now I have most of it working, but I would like to update the following two files:

    /etc/ssl/certs/imapd.pem
    /etc/ssl/certs/ipop3d.pem

because they are incorrect. I did not install ISPConfig and I also don't want to use it (for this specific machine), so I have to create these certificates manually. Can someone show me the right steps or syntax to do this?
output from: locate imap

Code:

    /etc/apache2/mods-available/imap.load
    /etc/logcheck/ignore.d.paranoid/imap
    /etc/logcheck/ignore.d.server/imapproxy
    /etc/logcheck/ignore.d.server/uw-imapd
    /etc/pam.d/imap
    /etc/ssl/certs/imapd.pem
    /lib/modules/2.6.8-2-386/modules.pcimap
    /usr/include/c++/3.3/backward/multimap.h
    /usr/include/c++/3.3/bits/stl_multimap.h
    /usr/lib/apache2/modules/mod_imap.so
    /usr/lib/mon/mon.d/imap.monitor
    /usr/lib/php4/20020429/imap.so
    /usr/lib/python2.3/imaplib.py
    /usr/lib/python2.3/imaplib.pyc
    /usr/lib/python2.3/imaplib.pyo
    /usr/sbin/imapd
    /usr/share/doc/apache2-doc/manual/mod/mod_imap.html
    /usr/share/doc/apache2-doc/manual/mod/mod_imap.html.en
    /usr/share/doc/apache2-doc/manual/mod/mod_imap.html.ko.euc-kr
    /usr/share/doc/apache2-doc/manual/mod/mod_imap.xml.gz
    /usr/share/doc/apache2-doc/manual/mod/mod_imap.xml.ko.gz
    /usr/share/doc/apache2-doc/manual/mod/mod_imap.xml.meta
    /usr/share/doc/HOWTO/en-txt/Qmail-VMailMgr-Courier-imap-HOWTO.gz
    /usr/share/doc/libc-client2002edebian/imaprc.txt.gz
    /usr/share/doc/php4-imap
    /usr/share/doc/uw-imapd
    /usr/share/doc/uw-imapd/bugs.txt.gz
    /usr/share/doc/uw-imapd/buildinfo.gz
    /usr/share/doc/uw-imapd/changelog.Debian.gz
    /usr/share/doc/uw-imapd/copyright
    /usr/share/doc/uw-imapd/NEWS.Debian.gz
    /usr/share/doc/uw-imapd/README.Debian
    /usr/share/doc/uw-imapd/RELNOTES.gz
    /usr/share/doc/uw-imapd-ssl
    /usr/share/doc/uw-imapd-ssl/buildinfo.gz
    /usr/share/doc/uw-imapd-ssl/changelog.Debian.gz
    /usr/share/doc/uw-imapd-ssl/copyright
    /usr/share/doc/uw-imapd-ssl/NEWS.Debian.gz
    /usr/share/doc/uw-imapd-ssl/README.Debian
    /usr/share/doc/uw-imapd/TODO.Debian
    /usr/share/linda/overrides/uw-imapd
    /usr/share/lintian/overrides/php4-imap
    /usr/share/lintian/overrides/uw-imapd
    /usr/share/man/man8/imapd.8C.gz
    /usr/share/webmin/apache/mod_imap.pl
    /var/cache/apt/archives/php4-imap_4%3a4.3.10-16_i386.deb
    /var/cache/apt/archives/uw-imapd-ssl_7%3a2002edebian1-11sarge1_all.deb
    /var/lib/dpkg/info/php4-imap.config
    /var/lib/dpkg/info/php4-imap.list
    /var/lib/dpkg/info/php4-imap.md5sums
    /var/lib/dpkg/info/php4-imap.postinst
    /var/lib/dpkg/info/php4-imap.postrm
    /var/lib/dpkg/info/php4-imap.prerm
    /var/lib/dpkg/info/php4-imap.templates
    /var/lib/dpkg/info/uw-imapd.conffiles
    /var/lib/dpkg/info/uw-imapd.config
    /var/lib/dpkg/info/uw-imapd.list
    /var/lib/dpkg/info/uw-imapd.md5sums
    /var/lib/dpkg/info/uw-imapd.postinst
    /var/lib/dpkg/info/uw-imapd.postrm
    /var/lib/dpkg/info/uw-imapd.preinst
    /var/lib/dpkg/info/uw-imapd-ssl.list
    /var/lib/dpkg/info/uw-imapd-ssl.md5sums
    /var/lib/dpkg/info/uw-imapd.templates

output from: locate ipop

Code:

    /etc/logcheck/ignore.d.server/ipopd
    /etc/ssl/certs/ipop3d.pem
    /usr/sbin/ipop2d
    /usr/sbin/ipop3d
    /usr/share/doc/ipopd
    /usr/share/doc/ipopd/buildinfo.gz
    /usr/share/doc/ipopd/changelog.Debian.gz
    /usr/share/doc/ipopd/copyright
    /usr/share/doc/ipopd/NEWS.Debian.gz
    /usr/share/doc/ipopd/README.Debian
    /usr/share/doc/ipopd-ssl
    /usr/share/doc/ipopd-ssl/buildinfo.gz
    /usr/share/doc/ipopd-ssl/changelog.Debian.gz
    /usr/share/doc/ipopd-ssl/copyright
    /usr/share/doc/ipopd-ssl/NEWS.Debian.gz
    /usr/share/doc/ipopd-ssl/README.Debian
    /usr/share/linda/overrides/ipopd
    /usr/share/lintian/overrides/ipopd
    /usr/share/man/man8/ipop2d.8C.gz
    /usr/share/man/man8/ipop3d.8C.gz
    /usr/share/man/man8/ipopd.8C.gz
    /var/cache/apt/archives/ipopd_7%3a2002edebian1-11sarge1_i386.deb
    /var/cache/apt/archives/ipopd-ssl_7%3a2002edebian1-11sarge1_all.deb
    /var/lib/dpkg/info/ipopd.conffiles
    /var/lib/dpkg/info/ipopd.config
    /var/lib/dpkg/info/ipopd.list
    /var/lib/dpkg/info/ipopd.md5sums
    /var/lib/dpkg/info/ipopd.postinst
    /var/lib/dpkg/info/ipopd.postrm
    /var/lib/dpkg/info/ipopd.preinst
    /var/lib/dpkg/info/ipopd-ssl.list
    /var/lib/dpkg/info/ipopd-ssl.md5sums
    /var/lib/dpkg/info/ipopd.templates
Hm, I thought there might be a program that allows you to re-create the certificates, but obviously there isn't one for imapd and ipop3d. For Courier there's such a program...
I think I managed it without the help of a tool! This example is for Debian 3.1 and worked for me. It is necessary to create your own Certificate Authority (CA) and sign it yourself or otherwise purchase a "real" X.509 certificate signed by a Certificate Authority (CA). Please adjust paths if they are different on your system!

Code:

    ####################################################
    # Setup a TLS-enabled POP3/IMAP server
    # We need to make crypto keys and certificates.
    # Without them, TLS/SSL will not work.
    ####################################################
    # Create the key:
    openssl genrsa -out ipop3d.pem 1024
    chmod 0400 ipop3d.pem
    cp -v ipop3d.pem /etc/ssl/keys
    ####################################################
    # Creating the CSR:
    openssl req -new -key ipop3d.pem -out ipop3d.csr
    mv ipop3d.csr /etc/ssl/csrs
    ####################################################
    # Signing the CSR:
    openssl x509 -req -days 3650 -sha1 -CAcreateserial -in /etc/ssl/csrs/ipop3d.csr -CA /etc/ssl/certs/ca.domain.com.crt -CAkey /etc/ssl/keys/ca.domain.com.key -out ipop3d-cert.pem
    chmod 0400 ipop3*
    # Append the signed certificate to the key, so one file holds both:
    cat ipop3d-cert.pem >> ipop3d.pem
    # Install the combined file for both the POP3 and the IMAP daemon:
    cp -v ipop3d.pem /etc/ssl/certs
    cp -v ipop3d.pem /etc/ssl/certs/imapd.pem

Regards, TheMike
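The procedure in the post above assumes a CA key and certificate already exist and never checks the result. The following added example (not part of the original post) builds the CA as well, writes the combined key-plus-certificate file, and checks that the key matches the certificate and that the certificate chains to the CA. It assumes a current OpenSSL, so it uses 2048-bit RSA and SHA-256 rather than the post's 1024-bit/SHA-1; the subject names and scratch file names are constructed.

```shell
#!/bin/sh
# Added example. Names (Example Mail CA, mail.example.test) are constructed.
set -eu

# make_ca DIR: self-signed CA, standing in for ca.domain.com.crt / .key
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 3650 \
        -subj "/CN=Example Mail CA" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

# make_server_pem DIR HOST: key, CSR, CA-signed cert, then key+cert in one file
make_server_pem() {
    ( umask 077   # the private key must never be group/world readable
      openssl genrsa -out "$1/server.key" 2048 2>/dev/null
      openssl req -new -key "$1/server.key" -subj "/CN=$2" -out "$1/server.csr"
      openssl x509 -req -days 365 -sha256 -CAcreateserial \
          -in "$1/server.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
          -out "$1/server.crt" 2>/dev/null
      cat "$1/server.key" "$1/server.crt" > "$1/ipop3d.pem" )
}

# check_pem PEM CAFILE: prints ok | no-key | no-cert | key-mismatch | untrusted
check_pem() {
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || { echo no-key; return 0; }
    crt_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || { echo no-cert; return 0; }
    # The public half of the private key must equal the key in the certificate.
    [ "$key_pub" = "$crt_pub" ] || { echo key-mismatch; return 0; }
    # The certificate must verify against the CA that clients will trust.
    openssl x509 -in "$1" | openssl verify -CAfile "$2" 2>/dev/null \
        | grep -q 'OK$' || { echo untrusted; return 0; }
    echo ok
}

# Demo in a scratch directory; nothing under /etc/ssl is touched.
demo() {
    d=$(mktemp -d)
    make_ca "$d" && make_server_pem "$d" mail.example.test
    check_pem "$d/ipop3d.pem" "$d/ca.crt"
    rm -rf "$d"
}
demo
```

Running `check_pem` against a hand-built `/etc/ssl/certs/ipop3d.pem` and the CA file before restarting the daemons shows whether the key or the certificate is missing from the file, or whether the two do not belong together.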
For future reference you can check out this howto as well: http://www.5dollarwhitebox.org/wiki/index.php/Howtos_Self_Signed_SSL_Certificates
I followed this guide step by step, but I don't get a working certificate. Something changed in the last year?
Yes, Debian Sarge 3.1. I was able to create a new one with /var/lib/dpkg/info/ipopd.postinst. But with a manually created certificate I always get an authentication failure.