http://bugzilla.opensuse.org/show_bug.cgi?id=967545 Bug ID: 967545 Summary: Dovecot creates certificates in the wrong directory Classification: openSUSE Product: openSUSE Distribution Version: Leap 42.1 Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Other Assignee: bnc-team-screening@forge.provo.novell.com Reporter: carlos.e.r@opensuse.org QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- See http://lists.opensuse.org/opensuse/2016-02/msg00967.html for the entire discussion. Dovecot (pop/imap daemon) needs creation of certificates in order to work. This is done via the script "/usr/share/doc/packages/dovecot/mkcert.sh", which creates and places them this way: /etc/ssl/certs/dovecot.pem /etc/ssl/private/dovecot.pem But apparently update-ca-certificates deletes them (so says Marcus Meissner). He suggest to write them to "/usr/share/pki/trust/", but this requires modification of the "mkcert.sh" of Dovecot. Freek de Kruijf suggests instead to "change the value of CERTDIR to $SSLDIR/private and CERTFILE to $CERTDIR/dovecot.crt in mkcert.sh". [...] "This means that both certfiles for dovecot go to $SSLDIR/private" [...] "Obviously in /etc/dovecot/conf.d/10-ssl.conf you need to adapt ssl_key and ssl_cert to point to these two files." I propose that the "/usr/share/doc/packages/dovecot/mkcert.sh" script be modified so that the certificates go to an appropriate directory for locally created certificates, and also the dovecot default configuration files adjusted for that change. -- You are receiving this mail because: You are on the CC list for the bug.