-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Mon, 21 Aug 2017, voy...@sbt.net.au wrote:
in order for end user to avoid webmail warnings or email client warnings,
do I make this file /etc/pki/dovecot/certs/dovecot.pem available to users
say under httpd://webhost/tld/certificate/dovecot.pem
Most likely yes. It should work regardless if the cert is self-signed or
not.
However, you could try to find the upper-most cert by running
openssl x509 -in /etc/pki/dovecot/certs/dovecot.pem -noout -text|less
Check out the Issuer and Subject near the top of the outout:
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd,
CN=dovecot.example.com/emailAddress=m...@example.com
Validity
Not Before: Aug 21 05:36:49 2017 GMT
Not After : Aug 21 05:36:49 2018 GMT
Subject: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd,
CN=dovecot.example.com/emailAddress=m...@example.com
If both are the same, it's the correct one. Then you really have a
self-signed certificate. Otherwise hunt for the "issuer" cert and hand
that your users. That would be your CA cert.
- --
Steffen Kaiser
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEVAwUBWZp0Tnz1H7kL/d9rAQJcIQf/ZwxUQPbiTEyQyPfyE+Xk/4AVrvgV7C3s
lBqeIfNT54UDlu8p7kzNRau1Kmt+nTwQWsLYBY5hlZmZ51RI0p1UbnKufNT3MBAZ
hOS0QdSvC6ZU2MzQb0tXRAIEP/dCWu1HlQSi/ov9Fp4UlYg5DsnQee9xwWucyIZb
a5nBKonHvaTJpj3YHYKVZojx215uFOFzOJ928khof7KwEqXmTEmTQ+bdLtTHVFWr
JSIdez3j1lUOpAmAgG05tAgGfwdArfx3DpVY8tIAEj5rRpZ4nfEM/lvPDndrzP0I
ovWb7FQDJrnv7t8YO8u3AxUQYUC/lHYtMzq4s9Dgm2LFEC3z9rbOoA==
=6qb8
-----END PGP SIGNATURE-----
