Actually the proper way is this,

Quite a good URL on how to be your own CA

http://www.aet.tu-cottbus.de/personen/jaenicke/postfix_tls/doc/myownca.html

Look it up, modify it so you don't use DES-based PEMs...

See mine is like this (imapd.conf)

        tls_cert_file: /var/imap/cert.pem
        tls_key_file: /var/imap/key.pem
        tls_ca_file: /var/imap/CAcert.pem

Works flawlessly.  Of course it's self-signed, but I haven't had a problem 
with a client complaining about that yet.

--On Wednesday, May 15, 2002 4:35 PM -0700 Jeff Bert 
<[EMAIL PROTECTED]> wrote:

>> If you look in the Archive thru whatever web mailing list you wish, there
>> was someone who had mentioned using openssl how to create the CA, the key,
>> and cert.
>>
>> Look it up, it'd be worth your time.
>>
>
> No thanks, I wasn't asking for a HOWTO but for others' experiences.
>
> I had already read the cyrus-imapd documentation and it only recommends
> using:
>
> tls_cert_file: /var/imap/cyrus-imapd.pem
> tls_key_file: /var/imap/cyrus-imapd.pem
>
> but I have found that if I add:
>
> tls_ca_file: /var/imap/cyrus-imapd.pem
>
> with the way I created the cert it works flawlessly.
>
> Jeff
>
>
>> --On Tuesday, May 14, 2002 7:33 PM -0700 jeff bert
>> <[EMAIL PROTECTED]> wrote:
>>
>> > I've gotten cyrus-imapd-2.1.4 working with the unencrypted ports and have
>> > now moved to getting the secure ports working.  I created a self-signed
>> > certificate using:
>> >
>> > [root@jabba imap]# openssl req -new -x509 -days 365 -nodes -config
>> > /usr/lib/ssl/openssl.cnf -out cyrus-imapd.pem -keyout cyrus-imapd.pem
>> >
>> > and entering the information.
>> >
>> > My imapd.conf file has:
>> >
>> > tls_cert_file: /var/imap/cyrus-imapd.pem
>> > tls_key_file: /var/imap/cyrus-imapd.pem
>> >
>> > And it seems to work but there is a delay of about 30 seconds when I
>> > connect for the first time in an email client's session in my imapd log
>> > file:
>> >
>> > May 14 19:20:33 jabba imap3d[2648]: TLS engine: cannot load CA data
>> >
>> > after that it works...
>> >
>> > Is this an error I need to be concerned about or is this just the
>> > result of self-signing the certificate?
>> >
>> > Thanks,
>> >
>> > Jeff Bert
>> >
>> >
>>
>>
>>
>>
>
>


