ClearFoundation Tracker - ClearOS | |||||
View Issue Details | |||||
ID | Project | Category | View Status | Date Submitted | Last Update |
0002301 | ClearOS | app-imap - IMAP and POP Server | public | 2015-04-08 09:05 | 2021-04-22 07:19 |
Reporter | user2 | ||||
Assigned To | |||||
Priority | normal | Severity | feature | Reproducibility | have not tried |
Status | closed | Resolution | suspended | ||
Platform | OS | OS Version | |||
Product Version | |||||
Target Version | Fixed in Version | ||||
Summary | 0002301: Integrate certificate manager | ||||
Description | The IMAP server generates its own dummy set of certificates in /etc/pki/cyrus-imapd. Many clients barf on those certificates: - Example 1: 0002253 - Example 2: the certificates expire after a year, and some versions of Outlook don't like that At the very least, these dummy certificates should be replaced with the system certificates generated by the Certificate Manager as suggested in 0002253 In addition, the IMAP server should have a hook into 3rd party certificates as described in 0002300 (create a new tracker for this if required). A command line workaround is posted below. | ||||
Steps To Reproduce | |||||
Additional Information | Here's the procedure for implementing self-signed certificates into the IMAP server. 1) If you have not already done so, install and configure the ClearOS "Certificate Manager" app. This app creates proper self-signed certificates that can be used by various systems. 2) Copy the ClearOS certificates into the IMAP server configuration area: cp /etc/pki/CA/sys-0-cert.pem /etc/pki/cyrus-imapd/ cp /etc/pki/CA/private/sys-0-key.pem /etc/pki/cyrus-imapd/ chmod 640 /etc/pki/cyrus-imapd/*.pem chown root.mail /etc/pki/cyrus-imapd/*.pem 3) Update the IMAP server configuration to use the ClearOS certificates instead of the default localhost.localdomain certificates. In /etc/imapd.conf: tls_cert_file: /etc/pki/cyrus-imapd/sys-0-cert.pem tls_key_file: /etc/pki/cyrus-imapd/sys-0-key.pem tls_ca_file: /etc/pki/CA/ca-cert.pem 4) Restart the IMAP server: service cyrus-imapd restart At this point, your mail client will be presented with the certificates generated by the ClearOS Certificate Manager. If you still keep seeing the pop-up message after the first confirmation, import the "Certificate Authority" file from the ClearOS system, i.e.: - Go to "System - Certificate Manager" in the ClearOS menu - Click on "View" for the "Certificate Authority" - Click on "Install" to install the certificate (not all browser support this, so you may have to click on "Download" and then follow your web browsers instructions on how to import that file). | ||||
Tags | No tags attached. | ||||
Relationships | |||||
Attached Files | |||||
Issue History | |||||
Date Modified | Username | Field | Change | ||
2015-04-08 09:05 | user2 | New Issue | |||
2015-04-08 09:09 | user2 | Status | new => confirmed | ||
2017-09-20 13:26 | NickH | Note Added: 0006541 | |||
2017-09-20 15:25 | user2 | Note Added: 0006551 | |||
2021-04-22 07:19 | NickH | Note Added: 0015431 | |||
2021-04-22 07:19 | NickH | Status | confirmed => closed | ||
2021-04-22 07:19 | NickH | Resolution | open => suspended |
Notes | |||||
|
|||||
|
|
||||
|
|||||
|
|
||||
|
|||||
|
|