I have the Virtual Users And Domains With Postfix, Courier And MySQL (+ SMTP-AUTH, Quota, SpamAssassin, ClamAV) setup running very well now for a month or two but what is a bit annoying is that every time I (re)start Firefox to access my e-mail I get these warnings about the certificate not being aligned with the host (certificate is for localhost and when I access my mailserver it's via name.domain.dom). So, here's my question: how do I replace the generic certificate with one I created myself? Is this, as described in the perfect setup (for Ubuntu 5.10 in my case): mkdir /etc/postfix/ssl cd /etc/postfix/ssl/ openssl genrsa -des3 -rand /etc/hosts -out smtpd.key 1024 chmod 600 smtpd.key openssl req -new -key smtpd.key -out smtpd.csr openssl x509 -req -days 3650 -in smtpd.csr -signkey smtpd.key -out smtpd.crt openssl rsa -in smtpd.key -out smtpd.key.unencrypted mv -f smtpd.key.unencrypted smtpd.key openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650 postconf -e 'smtpd_tls_auth_only = no' postconf -e 'smtp_use_tls = yes' postconf -e 'smtpd_use_tls = yes' postconf -e 'smtp_tls_note_starttls_offer = yes' postconf -e 'smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key' postconf -e 'smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt' postconf -e 'smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem' postconf -e 'smtpd_tls_loglevel = 1' postconf -e 'smtpd_tls_received_header = yes' postconf -e 'smtpd_tls_session_cache_timeout = 3600s' postconf -e 'tls_random_source = dev:/dev/urandom' Whereby all the postconf stuff would be intended as an enhancement to the TLS setup as described in the Virtual Users with Postfix etc. HOWTO. Any risks if I do what's described above? I'm not running ISPConfig by the way.
Do you get the error message 1) when you send email or 2) when you access your pop3 I imap mailbox? 1) replace the postfix ssl certificate as you posted above. 2) Your problem is related to the certificates used by courier, not postfix.
It's not a real errormessage, more of a warning that the certificate is for another machine (localhost) than the host I'm connecting with. It happens when starting up Firefox (the only e-mail client I use) to connect with my IMAP server. So I guess that based on your response the issue is not with the Postfix certificates but with the Courier certificates. How do I fix those?
ou mean Thunderbird, not Firefox, I guess? Have a look here: http://www.howtoforge.com/forums/showthread.php?t=1168&highlight=mkimapdcert