Missing dovecot certs

I’m building an email server (inbound and outbound) to replace an old CentOS6 server that died the big death. I had dovecot running on the old server, but I built the server a long time ago and I’ve forgotten how it went.

The new server is Rockylinux 9.2. I installed dovecot and openssl. The instructions from RH 9.2 say the install should include /etc/pki/dovecot/certs/server.example.com.crt, /etc/pki/dovecot/private/server.example.com.key and /etc/pki/dovecot/certs/ca.crt. However, they do not.

Are these files in another location or have a different name? (locate didn’t find them.) Or, do I have to build them?

mw

The documentation does not imply they exist already. You will need to generate them yourself as they are prerequisites.

Using openssl? I tried that. But, instead of creating a .crt and .key, openssl created .pem files. The documentation is very confusing.

When I use Thunderbird to pull emails, I’m getting an authentication error for the user. The certificate, when viewed, has the updates I used when I followed instructions for new keys. I have to assume the new dovecot.pem file is being used. The documentation says nothing about using .pem instead of .crt and .key files.

I can see incoming email in the /mail directory, but can’t read them using T-bird.

crt and key are just file extensions that allow you to easily see what is the cert and what is the private key for the cert. They are both in PEM format. So if the generated files end in .pem, all you need to do is figure out which one is the cert and which one is the key by looking at the contents of the two files, and then use them in your config files to configure ssl for dovecot.
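An added example, not part of the original thread: one way to do the check described in the reply above, classifying each file by its PEM header rather than its name and printing the matching Dovecot ssl_cert / ssl_key lines. The function names and the sample files a.pem and b.pem are made up for illustration, and the sample bodies are placeholders, not real key material.

```shell
#!/usr/bin/env bash

# Prints cert, key, cert+key or unknown for one file.
pem_kind() {
    local has_cert=0 has_key=0
    if grep -q -- '^-----BEGIN CERTIFICATE-----' "$1" 2>/dev/null; then has_cert=1; fi
    # Covers PRIVATE KEY, RSA/EC PRIVATE KEY and ENCRYPTED PRIVATE KEY.
    if grep -Eq -- '^-----BEGIN ([A-Z]+ )?PRIVATE KEY-----' "$1" 2>/dev/null; then has_key=1; fi
    case "$has_cert$has_key" in
        11) echo cert+key ;;
        10) echo cert ;;
        01) echo key ;;
        *)  echo unknown ;;
    esac
}

# Prints the Dovecot ssl_cert/ssl_key lines for the files given, in any order.
# Returns 1 when either a certificate or a key is missing.
dovecot_ssl_lines() {
    local f cert="" key=""
    for f in "$@"; do
        case "$(pem_kind "$f")" in
            cert)     cert=$f ;;
            key)      key=$f ;;
            cert+key) cert=$f; key=$f ;;
        esac
    done
    if [ -z "$cert" ] || [ -z "$key" ]; then return 1; fi
    printf 'ssl_cert = <%s\nssl_key = <%s\n' "$cert" "$key"
}

# Succeeds when the file is readable by "other"; a private key should not be.
key_world_readable() {
    [ -n "$(find "$1" -perm -o+r 2>/dev/null)" ]
}

# Constructed sample files: real PEM labels, placeholder body (not key material).
make_samples() {
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQ=' \
        '-----END CERTIFICATE-----' > "$1/a.pem"
    printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'Q09OU1RSVUNURUQ=' \
        '-----END PRIVATE KEY-----' > "$1/b.pem"
    chmod 644 "$1/a.pem"; chmod 600 "$1/b.pem"
}

demo_dir=$(mktemp -d)
make_samples "$demo_dir"
dovecot_ssl_lines "$demo_dir/b.pem" "$demo_dir/a.pem"
rm -rf "$demo_dir"
```

A file that reports cert+key holds both blocks, so the same path can be used for both settings; the leading < in each value tells Dovecot to read the file's contents.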

Thank you. I found that after I posted. I’ve created a new key and cert, but getting authentication errors and connection resets. Here’s an extract from maillog.

Oct 30 13:45:10 orion dovecot[778929]: master: Dovecot v2.3.16 (7e2e900c1a) starting up for imap, pop3, lmtp, submission (core dumps disabled)
Oct 30 13:46:44 orion sendmail[779193]: 39UIkhxF779193: [2.57.122.55] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Oct 30 13:49:11 orion dovecot[778931]: pop3-login: Disconnected: Connection closed: read(size=1026) failed: Connection reset by peer (no auth attempts in 0 secs): user=<>, rip=192.168.1.10, lip=192.168.1.50, session=<khltfvMIk+LAqAEK>

Another maillog segment using localhost.localdomain as the imap server.

Oct 30 14:10:42 orion dovecot[778931]: imap-login: Disconnected: Connection closed: SSL_accept() failed: error:0A000412:SSL routines::sslv3 alert bad certificate: SSL alert number 42 (no auth attempts in 0 secs): user=<>, rip=127.0.0.1, lip=127.0.0.1, TLS handshaking: SSL_accept() failed: error:0A000412:SSL routines::sslv3 alert bad certificate: SSL alert number 42, session=<VhNoy/MIQIB/AAAB>
Oct 30 14:10:43 orion dovecot[778931]: imap-login: Disconnected: Connection closed: SSL_accept() failed: error:0A000412:SSL routines::sslv3 alert bad certificate: SSL alert number 42 (no auth attempts in 0 secs): user=<>, rip=127.0.0.1, lip=127.0.0.1, TLS handshaking: SSL_accept() failed: error:0A000412:SSL routines::sslv3 alert bad certificate: SSL alert number 42, session=<SAhqy/MISoB/AAAB>

The client works for other imap servers but not this one.

Any ideas, suggestions? Why am I getting bad certificate alarms?

Thank you. I was confused by the documentation using .crt and .key. My problem now is to be able to pull emails using T-bird…getting authentication errors.
