On Sun, Dec 31, 2006 00:59:54 AM +0100, Dr. Stephen Henson ([EMAIL PROTECTED]) wrote:
> Well the error you are getting is because the certificate > verification failed. One reason could be because the certs dir > isn't set up properly Sorry, what do you mean by "set up properly"? Some specific userid or something else? > or the self signed server certificate is not readable to the > fetchmail process. that dir and its files are world readable, I just checked. > A third possibility is that the server certificate has inappropriate > extensions. which extensions, exactly? > I looked at the document at: > > http://wanderingbarque.com/howtos/mailserver/mailserver.html > > it mentions how to generate a certificate but using the older CA.sh > shell script. The CA.pl perl script the is more up to date version. Weird. There is no such script in the official RPM for Centos 4.4: # rpm -q openssl openssl-0.9.7a-43.14 Should I file a bug report somewhere?? > I can't see any mention of creating a self signed certificate there > other than as in indirect consequence of the -newca option. The > procedure there is to generate a root CA to sign other certificates > with. > > If you want to just generate a self signed certificate and key you > can use the single command: > > openssl req -x509 -out sscert.pem -new -nodes -keyout sskey.pem -days 3650 > Hmmm, I see. So, if I cancel all the certs I've used so far and rerun that command on my server I should get _one_ couple {certificate / private key} which I can use for all these purposes: serve secure web pages from that server download email from that server via secure imap send email securely from my home mail client to the postfix running on that server right? Thanks again for your support! Marco ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
