Mailinglist Archive: opensuse (982 mails)

Re: [opensuse] When connecting to my own dovecot server, Alpine complains that it is using self-signed certificates.
On 2014-09-01 13:00, Per Jessen wrote:
Carlos E. R. wrote:

That google thing finds 51,300 results. Polishing to "create your own
certificate authority opensuse" gets 21,300 results - and none of
those I read mentions that there is a YaST module that creates your
own local CA!

Ok, so I create an authority. But now I don't know how to add or sign
the dovecot certificate with it.

Once you have established yourself as a CA, you then act like one. With
your user hat on, you create a certificate and a signing request and
send it to your CA, i.e. yourself.

I thought that might be so, but no idea how to do that :-?

You put your CA hat on etcetera.

I see that YaST has a tab labeled "requests". I can "import", "Add",
"Request". I think that the request I create with the user hat I have to
enter on the "Add" button, and signed on the "Request" button.

Thanks, that puts me further :-)

What I had done was create, in YaST, a server certificate, and I
was looking at copying/exporting/whatever to be used by dovecot.
What you say about "sending" the request looks better, but I
don't know how to do that.

I still need to learn what to do as "user". I guess I must create some file.

It is a pretty well documented process, even if a bit cumbersome.

Not very well documented - especially the YaST part. The only one I found
was on google books, on this link:

http://books.google.es/books?id=-jzcJkXTLuUC&pg=PA403&lpg=PA403&dq=create+your+own+certificate+authority+YaST&source=bl&ots=vI3LgdSUwx&sig=ubXetOzb7logfIJuzHXwEOqY_s8&hl=en&sa=X&ei=c6wDVKXQKJPiaqfqgvgC&redir_esc=y#v=onepage&q=create%20your%20own%20certificate%20authority%20YaST&f=false

There are some pages posted from "The Definitive Guide to SUSE Linux
Enterprise Server" By Sander van Vugt, which does explain how to use
YaST to do these things. It was there where I found some details on how
to create a root certificate, and a server certificate. But the excerpt
is not complete, there are missing pages, I suppose on purpose so that
people buy the book - which at 56€ I'm not in a position to do.

openSUSE's own documentation does not explain things, it just about
says "click create to create a certificate". Interesting...


I don't know to what extent any of this can be done with YaST, but none
of it is specific to openSUSE.

It is not that simple to locate a good document on google. I have
perused some docs I found from there, and none too clear.

Maybe if someone gives me a suggestion for a string to search for
"sending certificate for signing"... ;-)

(that phrase locates entries on how to sign email)


Searching for "ssl certificate signing" instead, on google suggestion, I
located one entry:
<http://www.sslshopper.com/what-is-a-csr-certificate-signing-request.html>

Apparently it would be this:

openssl req -new -keyout server.key -out server.csr

to generate both a key and a CSR, which stands for "Certificate Signing
Request". So it must be similar to that, as I already have the
certificate made (a script on dovecot does it).

Mmm... I could just modify the entry on the dovecot script to also
create the request, and run the script again...

$OPENSSL req -new -x509 -nodes -config $OPENSSLCONFIG -out $CERTFILE \
    -keyout $KEYFILE -days 365 || exit 2
chmod 0600 $KEYFILE
echo
$OPENSSL x509 -subject -fingerprint -noout -in $CERTFILE || exit 2


Wait... The $CERTFILE above would be it? But it is called
"$CERTDIR/dovecot.pem", not *.csr?

--
Cheers / Saludos,

Carlos E. R.
(from 13.1 x86_64 "Bottle" at Telcontar)
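
The "CA hat" / "user hat" sequence discussed in this thread, written out with plain openssl as an added example (it is not part of the original message and not dovecot's script). It shows that `req -new -x509` emits a self-signed certificate while `req -new` without `-x509` emits the request that the CA then signs. The working directory, file names, subject names and function names are all constructed for illustration.

```shell
#!/bin/sh
# Added example; directory, file and subject names are constructed.

# CA hat: CA key plus self-signed root certificate (-x509 = "sign it myself").
# An explicit config marks the root CA:TRUE regardless of the system openssl.cnf.
make_ca() {   # $1 = working directory
    cat > "$1/ca.cnf" <<'EOF'
[req]
prompt = no
distinguished_name = dn
x509_extensions = v3_ca
[dn]
CN = Example Local CA
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
    openssl req -new -x509 -nodes -newkey rsa:2048 -sha256 -days 3650 \
        -config "$1/ca.cnf" -keyout "$1/ca.key" -out "$1/ca.pem" \
        2>/dev/null || return 1
    chmod 0600 "$1/ca.key"
}

# User hat: server key plus CSR. Without -x509 the output is a request.
make_csr() {  # $1 = working directory, $2 = server host name
    openssl req -new -nodes -newkey rsa:2048 -sha256 -subj "/CN=$2" \
        -keyout "$1/server.key" -out "$1/server.csr" 2>/dev/null || return 1
    chmod 0600 "$1/server.key"
}

# CA hat again: sign the request; the host name also goes into subjectAltName.
sign_csr() {  # $1 = working directory, $2 = server host name
    printf 'subjectAltName=DNS:%s\n' "$2" > "$1/san.ext"
    openssl x509 -req -in "$1/server.csr" -sha256 -days 365 \
        -CA "$1/ca.pem" -CAkey "$1/ca.key" -CAcreateserial \
        -extfile "$1/san.ext" -out "$1/server.pem" 2>/dev/null
}

# Does the server certificate chain to the CA?
verify_cert() {  # $1 = working directory
    openssl verify -CAfile "$1/ca.pem" "$1/server.pem" >/dev/null 2>&1
}

# Tell a request from a certificate by its PEM header.
pem_kind() {  # $1 = PEM file
    if grep -q 'BEGIN CERTIFICATE REQUEST' "$1"; then echo csr
    elif grep -q 'BEGIN CERTIFICATE' "$1"; then echo cert
    else echo unknown; fi
}
```

The server would then be pointed at server.pem and server.key, and the mail client stops warning once ca.pem (never ca.key) is added to its trusted certificates.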
