OT: Cyrus-imap openssl and Outlook

James Miller jimm at simutronics.com
Tue Sep 21 15:12:20 EDT 2004


I'm having a tough time with Outlook 2000 and openssl.  Here's my situation:
I have cyrus-imapd 2.2.8 w/TLS enabled.  Basically I create my CA:
openssl req -new -x509 -keyout private/cakey.pem -out cacert.pem -days 3650 -config ./openssl.cnf

Then created my imap server cert/key and signed it with my CA:
openssl req -new -nodes -out req.pem -config ./openssl.cnf
openssl ca -out cyrus.pem -config ./openssl.cnf -infiles req.pem

Create the cert/key file for cyrus:
cat cyrus.pem privkey.pem > /var/lib/cyrus/cyrus.pem

Next I start the master process and everything starts fine.

When I start Outlook and open up the imap mailbox I get the following
message:
"The server you are connected to is using a security certificate that could
not be verified.
0x800b010f
Do you want to continue using this server?
Y/N"


The 0x800b010f error seems to indicate that the common name in the server
cert is not identical to the hostname but I'm sure that it is
(commonName_default	= mailbox.simutronics.com -- which is the FQDN of the
server)

Anyway, I choose yes and the imap mailbox opens fine, but I would like to
get rid of the annoying message and have Outlook trust the cert.  I have no
problems importing both the RootCA cert and the server cert as trusted root
certificates but Outlook still complains:
openssl x509 -in cacert.pem -out cacert.crt
openssl x509 -in cyrus.pem -out cyrus.crt

I've even tried creating the RootCA and Server certs with the same CN values
(" mailbox.simutronics.com") and with different CN values (RootCA CN
"Mailbox Certificate Authority" -- Server cert CN
"mailbox.simutronics.com").  If there's any other info I can provide to help
figure this out please let me know -- I've attached my openssl.cnf, RootCA
and server cert as a zip attachment if anyone cares to take a look.


Thank you in advance for your assistance,
--Jim

-------------- next part --------------
A non-text attachment was scrubbed...
Name: ssl_stuff.zip
Type: application/x-zip-compressed
Size: 5676 bytes
Desc: not available
Url : https://lists.andrew.cmu.edu/mailman/private/info-cyrus/attachments/20040921/d50da7af/ssl_stuff.bin
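
Added example (not part of the original post, and not Cyrus project code): a shell check of the two things the message above is questioning, whether the server certificate chains to the CA that gets imported and whether the CN in the issued certificate equals the hostname the client connects to. check_cert and make_demo_pki are hypothetical helper names; the demo CA and mailbox.example.test are constructed test data.

```shell
#!/bin/sh
# Added example; check_cert and make_demo_pki are hypothetical helper names.

# check_cert CAFILE CERTFILE HOSTNAME
# returns 0 = ok, 1 = does not chain to CAFILE, 2 = CN differs from HOSTNAME
check_cert() {
    ca=$1; cert=$2; host=$3
    # Chain check. Match on the "OK" line rather than the exit status,
    # because older openssl releases exit 0 even when verification fails.
    if ! openssl verify -CAfile "$ca" "$cert" 2>&1 | grep -q ': OK$'; then
        echo "chain: $cert is not signed by $ca"; return 1
    fi
    # Name check. Read the CN from the issued certificate itself, not from
    # openssl.cnf; keep the value byte-for-byte so stray whitespace shows up.
    cn=$(openssl x509 -in "$cert" -noout -subject -nameopt multiline |
         sed -n 's/^ *commonName *= //p')
    if [ "$cn" != "$host" ]; then
        echo "name: CN is [$cn], client connects to [$host]"; return 2
    fi
    echo "ok: chains to CA and CN is [$cn]"
}

# make_demo_pki DIR HOSTNAME: throwaway CA and server cert (constructed data)
make_demo_pki() {
    dir=$1; name=$2
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo Root CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.pem" 2>/dev/null &&
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$name" \
        -keyout "$dir/srv.key" -out "$dir/srv.csr" 2>/dev/null &&
    openssl x509 -req -in "$dir/srv.csr" -CA "$dir/ca.pem" -CAkey "$dir/ca.key" \
        -CAcreateserial -days 1 -out "$dir/srv.pem" 2>/dev/null
}

# Demo run on constructed certificates: one matching name, one mismatch.
demo=$(mktemp -d)
make_demo_pki "$demo" mailbox.example.test
check_cert "$demo/ca.pem" "$demo/srv.pem" mailbox.example.test
check_cert "$demo/ca.pem" "$demo/srv.pem" imap.example.test || true
rm -rf "$demo"
```

Against the files named in the post, the call would be check_cert cacert.pem cyrus.pem followed by the hostname configured in the mail client.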

