IMAP Certificate Expired

Discussion in 'HOWTO-Related Questions' started by sgsterling, Oct 29, 2009.

  1. sgsterling

    sgsterling New Member

    A year ago I followed the How-To "Virtual Users And Domains With Postfix, Courier, MySQL And SquirrelMail (Mandriva 2008.1)". It has worked perfect for a year ....

    I'm sure you know where this is going. The default IMAP and POP3 certs that are generated with the Courier URPMI install/startup have expired, generating errors to the users.

    I looked through the forum and found some references to the problem in other distro how-to's, but the pem files mentioned that need to be replaced I can't even find with locate.

    I did find the scripts mkimapdcert and mkpop3cert, and updated the 365 day references and tried to rerun this scripts but received an error.

    Any ideas on how to update the tls/ssl certs for courier in this Mandriva distro?
     
    sgsterling, Oct 29, 2009
    #1
  2. falko

    falko Super Moderator Howtoforge Staff

    Have you tried to find the files with
    Code:
    locate cnf
    ?
     
    falko, Oct 30, 2009
    #2
  3. sgsterling

    sgsterling New Member

    Yes-- did a locate cnf, I get:

    locate cnf
    /etc/my.cnf
    /etc/pki/tls/openssl.cnf
    /usr/share/doc/mysql-common/my-huge.cnf
    /usr/share/doc/mysql-common/my-innodb-heavy-4G.cnf
    /usr/share/doc/mysql-common/my-large.cnf
    /usr/share/doc/mysql-common/my-medium.cnf
    /usr/share/doc/mysql-common/my-small.cnf
    /usr/share/mysql/my-huge.cnf
    /usr/share/mysql/my-innodb-heavy-4G.cnf
    /usr/share/mysql/my-large.cnf
    /usr/share/mysql/my-medium.cnf
    /usr/share/mysql/my-small.cnf
    /usr/share/webmin/acl/openssl.cnf
    /usr/share/webmin/blue-theme/mysql/images/cnf.gif
    /usr/share/webmin/mysql/edit_cnf.cgi
    /usr/share/webmin/mysql/save_cnf.cgi
    /usr/share/webmin/mysql/help/cnf.ca.html
    /usr/share/webmin/mysql/help/cnf.html
    /usr/share/webmin/mysql/help/cnf.it.html
    /usr/share/webmin/mysql/images/cnf.gif
    /usr/share/webmin/openvpn/openvpn-ssl.cnf

    Notice no imapd.cnf.

    And if I try to run /usr/sbin/mkimapdcert I get--
    error on line -1 of /etc/courier/imapd.cnf
    29833:error:02001002:system library:fopen:No such file or directory:bss_file.c:122:fopen('/etc/courier/imapd.cnf','rb')

    since the expected file doesn't exist. Mandriva Courier RPM must be the problem, maybe they changed the name of the file or something.
     
    sgsterling, Oct 31, 2009
    #3
  4. falko

    falko Super Moderator Howtoforge Staff

    I guess you need to create that file manually. Try something like this in it:


    Code:
    RANDFILE = /usr/lib/courier/imapd.rand

[ req ]
default_bits = 1024
encrypt_key = yes
distinguished_name = req_dn
x509_extensions = cert_type
prompt = no

[ req_dn ]
C=US
ST=NY
L=New York
O=Courier Mail Server
OU=Automatically-generated IMAP SSL key
CN=localhost
[email protected]


[ cert_type ]
nsCertType = server
     
    falko, Oct 31, 2009
    #4

Share This Page