| [Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] |
Outlook message: "the server you are connected to is using a security certificate that could not be verified" This message appears because Outlook doesn't find a certificate for the IMAP-server on your client. You will have to import a certificate for the server on your client running Outlook. There are two possibilities to create the needed certificate: 1.) Create IMAPS self signed certificate (only for testing) cd to /usr/share/ssl Edit your 'openssl.cnf' to fit your needs. You can find further information under http://www.tldp.org/HOWTO/SSL-Certificates-HOWTO/ #openssl req -config /usr/share/ssl/openssl.cnf -new -x509 -days 3650 -nodes -out certs/imapd.pem -keyout certs/imapd.pem #openssl x509 -in certs/imapd.pem -out imapd.crt Import the 'imapd.crt' on your client. Use 'internet settings' -> 'content' -> 'certificates'. 2.) Create Root Certificate and sign IMAPS cert cd to /usr/share/ssl Edit your 'openssl.cnf'. a) Create Root Certificate # openssl req -config /usr/share/ssl/openssl.cnf -new -x509 -keyout private/cakey.pem -out cacert.pem -days 3650 Using configuration from /usr/share/ssl/openssl.cnf Generating a 1024 bit RSA private key ....................++++++ ...................................++++++ writing new private key to 'private/cakey.pem' Enter PEM pass phrase: Verifying password - Enter PEM pass phrase: ----- You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) []:Your letter code State or Province Name (full name) []:Your State Locality Name (eg, city) []:Your City Organization Name (eg, company) [Your Organization]:yourdomain.tld Organizational Unit Name (eg, section) []:Your OU Common Name []:Root CA Cert Email Address []:admin@yourdomain.tld # vi serial Enter '01' into serial and save your settings. # touch index.txt # openssl x509 -in cacert.pem -out cacert.crt Import the Root Certificate 'cacert.crt' on your client. b) Create IMAP certificate request with address of imap-server as common name (CN) # openssl req -new -days 3650 -out imapreq.pem -keyout imapreq.pem Using configuration from /usr/share/ssl/openssl.cnf Generating a 1024 bit RSA private key ..........................................++++++ .................++++++ writing new private key to 'imapreq.pem' Enter PEM pass phrase: Verifying password - Enter PEM pass phrase: ----- You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) []: State or Province Name (full name) []:Your State Locality Name (eg, city) []:Your City Organization Name (eg, company) []: Your Organization Organizational Unit Name (eg, section) []:Your OU Common Name []:imap.yourdomain.tld //use the domain name (fqdn) of your imap-server you have entered into Outlook Email Address []:admin@yourdomain.tld Please enter the following 'extra' attributes to be sent with your certificate request Challenge Password []:. An optional company name []:. c) Sign your imap certificate request with the root certificate # openssl ca -policy policy_anything -out imapca.pem -infiles imapreq.pem Using configuration from /usr/share/ssl/openssl.cnf Enter PEM pass phrase: Check that the request matches the signature Signature ok The Subjects Distinguished Name is as follows countryName :PRINTABLE:'DE' stateOrProvinceName :PRINTABLE:'Your State' localityName :PRINTABLE:'Your City' organizationName :PRINTABLE:'yourdomain.tld' organizationalUnitName:PRINTABLE:'Your OU' commonName :PRINTABLE:'imap.yourdomain.tld' emailAddress :IA5STRING:'admin@yourdomain.tld' Certificate is to be certified until Apr 2 00:44:48 2004 GMT (365 days) Sign the certificate? [y/n]:y 1 out of 1 certificate requests certified, commit? [y/n]y Write out database with 1 new entries Data Base Updated d) Strip key from certificate request # openssl rsa -in imapreq.pem -out imapkey.pem read RSA key Enter PEM pass phrase: writing RSA key e) Strip certificate section from signed imap certificate # openssl x509 -in imapca.pem -out imapcacert.pem f) Join key and certificate to new imap-server certificate # cat imapkey.pem imapcacert.pem > ./certs/imapd.pem That's it!! It works great for me on RedHat 8.0 _______________________________________________ LinuxManagers mailing list - http://www.linuxmanagers.org submissions: LinuxManagers@linuxmanagers.org subscribe/unsubscribe: http://www.linuxmanagers.org/mailman/listinfo/linuxmanagers
[Home] [Kernel List] [Linux SCSI] [Video 4 Linux] [Linux Admin] [Yosemite News] [Motherboards]