OT: Cyrus-imap openssl and Outlook
jimm at simutronics.com
Tue Sep 21 15:12:20 EDT 2004
I'm having a tuff time with Outlook 2000 and openssl. Here's my situation:
I have cyrus-imapd 2.2.8 w/TLS enabled. Basically I create my CA:
openssl req -new -x509 -keyout private/cakey.pem -out cacert.pem -days
3650 -config ./openssl.cnf
Then created my imap server cert/key and signed it with my CA:
openssl req -new -nodes -out req.pem -config ./openssl.cnf
openssl ca -out cyrus.pem -config ./openssl.cnf -infiles req.pem
create the cert/key file for cyrus
cat cyrus.pem privkey.pem > /var/lib/cyrus/cyrus.pem
Next I start the master process and everything starts fine.
When I start Outlook and open up the imap mailbox I get the following
"The server you are connected to is using a security certificate that could
not be verified.
Do you want to continue using this server?
The 0x800b010f error seems to indicate that the common name in the server
cert is not identical to the hostname but I'm sure that it is
(commonName_default = mailbox.simutronics.com -- which is the FQDN of the
Anyway, I choose yes and the imap mailbox opens fine, but, I would like to
get rid of the annoying message and have Outlook trust the cert. I have no
problems importing both the RootCA cert and the server cert as trusted root
certificates but Outlook still complains:
openssl x509 -in cacert.pem -out cacert.crt
openssl x509 -in cyrus.pem -out cyrus.crt
I've even tried creating the RootCA and Server certs with the same CN values
(" mailbox.simutronics.com") and with different CN values (RootCA CN
"Mailbox Certificate Authority" -- Server cert CN
"mailbox.simutronics.com"). If there's any other info I can provide to help
figure this out please let me know -- I've attached my openssl.cnf, RootCA
and server cert as zip attachment if anyone cares to take a look.
Thank you in advance for your assistance,
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 5676 bytes
Desc: not available
Url : https://lists.andrew.cmu.edu/mailman/private/info-cyrus/attachments/20040921/d50da7af/ssl_stuff.bin
More information about the Info-cyrus