[Bug 967545] New: Dovecot creates certificates in the wrong directory
http://bugzilla.opensuse.org/show_bug.cgi?id=967545 Bug ID: 967545 Summary: Dovecot creates certificates in the wrong directory Classification: openSUSE Product: openSUSE Distribution Version: Leap 42.1 Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Other Assignee: bnc-team-screening@forge.provo.novell.com Reporter: carlos.e.r@opensuse.org QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- See http://lists.opensuse.org/opensuse/2016-02/msg00967.html for the entire discussion. Dovecot (pop/imap daemon) needs creation of certificates in order to work. This is done via the script "/usr/share/doc/packages/dovecot/mkcert.sh", which creates and places them this way: /etc/ssl/certs/dovecot.pem /etc/ssl/private/dovecot.pem But apparently update-ca-certificates deletes them (so says Marcus Meissner). He suggest to write them to "/usr/share/pki/trust/", but this requires modification of the "mkcert.sh" of Dovecot. Freek de Kruijf suggests instead to "change the value of CERTDIR to $SSLDIR/private and CERTFILE to $CERTDIR/dovecot.crt in mkcert.sh". [...] "This means that both certfiles for dovecot go to $SSLDIR/private" [...] "Obviously in /etc/dovecot/conf.d/10-ssl.conf you need to adapt ssl_key and ssl_cert to point to these two files." I propose that the "/usr/share/doc/packages/dovecot/mkcert.sh" script be modified so that the certificates go to an appropriate directory for locally created certificates, and also the dovecot default configuration files adjusted for that change. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=967545
http://bugzilla.opensuse.org/show_bug.cgi?id=967545#c3
--- Comment #3 from Carlos Robinson
this is already fixed.
and mkcert.sh writes the dovecot.crt file to /etc/ssl/private/.
You are correct, the version on Leap 42.1 writes these two files: Gestor:/usr/share/doc/packages/dovecot # l /etc/ssl/private/ total 16 drwx------ 2 root root 4096 Feb 23 14:37 ./ drwxr-xr-x 3 root root 4096 Feb 17 17:07 ../ -rw-r--r-- 1 root root 847 Feb 23 14:37 dovecot.crt -rw------- 1 root root 916 Feb 23 14:37 dovecot.pem Gestor:/usr/share/doc/packages/dovecot # I was misled by the OP of the mail thread to believe he was using Leap. Obviously he is not. Sorry for the noise :-( -- You are receiving this mail because: You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@novell.com