Koozali.org: home of the SME Server

Creating custom wildcard cacert.org certificate

ldkeen
Creating custom wildcard cacert.org certificate
« Reply #15 on: December 12, 2006, 11:42:33 AM »
Shad,

This is brilliant work, I've been trying for ages to get this working - I even bought a cheap SSL certificate (which I couldn't work out how to use). Your instructions worked like a dream and now I don't get those annoying warnings anymore. Thanks heaps.

Quote from: "dmay"
There are line wraps in your displayed code

I came across this as well but I think it's more to do with how you copy the code - not the code itself. I'm not sure, but I just used dos2unix to strip out the carriage returns and all was well.
Code:
#dos2unix cacert_csr_request
Lloyd

kingjm
old certs
« Reply #16 on: December 12, 2006, 04:45:24 PM »
Should we be deleting the old crts and keys before we
signal-event config-console?

Maybe this is why it is not working for me...

pmstewart
Creating custom wildcard cacert.org certificate
« Reply #17 on: December 12, 2006, 06:17:29 PM »
I have recently re-installed SME 7....posting the contents is not possible.

There is so much information in the contribs about ssl certificates it's hard
to know which ones work in which situations.

Thanks for the reply

Smitro
Creating custom wildcard cacert.org certificate
« Reply #18 on: December 19, 2006, 01:27:14 AM »
Because of errors in IE7 with webmail, I'm wanting to get my SSL certs sorted out. Is it possible for someone who has done this successfully to put it into a how-to on the wiki? It's a little confusing atm, and it seems different people came out with different solutions. I have a test box here that I'm willing to test it on if someone is able to write up the how-to.

Thanks.

stephen noble
Creating custom wildcard cacert.org certificate
« Reply #19 on: December 19, 2006, 02:01:03 AM »
Ignore all other methods, this is the definitive guide

The only area where this howto could be clarified is the steps you should take at cacert.org; shad did mention what you need to achieve, just not how you do it.

<snip>
> Also you will need to have all domains registered with your cacert.org account.


each howto needn't go into how to edit files or set db values

william_syd
Creating custom wildcard cacert.org certificate
« Reply #20 on: December 19, 2006, 02:38:27 AM »
Quote from: "Smitro"
Because of errors in IE7 with webmail, I'm wanting to get my SSL certs sorted out. Is it possible for someone who has done this successfully to put it into a how-to on the wiki? It's a little confusing atm, and it seems different people came out with different solutions. I have a test box here that I'm willing to test it on if someone is able to write up the how-to.

Thanks.


The howto is in the first post.

Register your domains at Cacert first.
Regards,
William

IF I give advice.. It's only if it was me....

kingjm
mail still using old cert
« Reply #21 on: January 28, 2007, 08:14:03 AM »
I have finally figured out how to install these certs and get everything working.  When I open Safari and Firefox it does not ask me to look at the certificates any more.

However I am using imap ssl and smtp ssl
mail.app is still asking for me to look at the old certs ie: sme.domain.com instead of domain.com

Then once I rebooted everything was ok

I thought I would put this in for everyone else

mcp_dk
Re: Error while generating cert
« Reply #22 on: February 09, 2007, 04:23:58 PM »
Quote from: "slords"
Quote from: "pmstewart"
error on line 7 of sitbs.com.config
4404:error:0E066065:configuration file routines:CONF_load_bio:missing equal sign:conf_def.c:366:line 7
Closing openssl pipe reported:  at ./cacert_csr_request line 74


Please post the output of the sitbs.com.config file.


I got this exact same error. Did you ever manage to find out what caused it?
Who is General Failure and why is he reading my harddrive?

slords
Creating custom wildcard cacert.org certificate
« Reply #23 on: February 09, 2007, 04:26:17 PM »
The config file was never posted so it was never fixed.  Post your config file and let's see what the issue is.
"Programming today is a race between software engineers striving to build bigger and better idiot-proof programs,
and the Universe trying to produce bigger and better idiots. So far, the Universe is winning." -- Rich Cook

Normando
Creating custom wildcard cacert.org certificate
« Reply #24 on: March 17, 2007, 03:07:19 AM »
Slords, I created a page in the wiki HowTo. Check if all is ok, and thank you for your contrib.

cjensen
Re: Error while generating cert
« Reply #25 on: March 28, 2007, 04:37:51 AM »
Quote from: "slords"
Quote from: "pmstewart"
error on line 7 of sitbs.com.config
4404:error:0E066065:configuration file routines:CONF_load_bio:missing equal sign:conf_def.c:366:line 7
Closing openssl pipe reported:  at ./cacert_csr_request line 74


Please post the output of the sitbs.com.config file.


Quote from: "mcp_dk"

I got this exact same error. Did you ever manage to find out what caused it?

This error is from your not correcting any line wraps in the script.  Look at the script. Lines must not wrap.

CJensen
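
Added example (not part of any post in this thread): a shell check for the two copy-and-paste problems raised above, carriage returns and wrapped lines, which is what makes OpenSSL report "missing equal sign" on a generated config. The function and sample names are made up for illustration, the sample config is constructed, and the check assumes the config uses no backslash continuations or .include lines.

```shell
#!/bin/sh
# Added example, not the thread's cacert_csr_request script.
# lint_openssl_conf FILE  ("-" reads stdin)
# Prints one "LINE: problem" row per finding; exit status 1 if any.
# Assumption: no backslash continuations or ".include" directives.
lint_openssl_conf() {
    awk '
        /\r$/ {                          # CRLF left by a DOS/Windows copy
            printf "%d: carriage return at end of line\n", NR
            bad = 1
            sub(/\r$/, "")
        }
        /^[ \t]*$/ { next }              # blank line
        /^[ \t]*#/ { next }              # comment
        /^[ \t]*\[.*\][ \t]*$/ { next }  # [ section ] header
        /=/ { next }                     # name = value
        {                                # anything else: likely a wrapped value
            printf "%d: no equal sign (wrapped line?): %s\n", NR, $0
            bad = 1
        }
        END { exit bad }
    ' "$1"
}

# Constructed sample: the subjectAltName value has wrapped onto its own line.
sample_wrapped_conf() {
    printf '%s\n' \
        '[ req ]' \
        'prompt = no' \
        '' \
        '[ v3_req ]' \
        'basicConstraints = CA:FALSE' \
        'subjectAltName = critical,DNS:domain.com,' \
        'DNS:*.domain.com'
}

# With a file argument lint that file, otherwise lint the sample.
if [ "$#" -gt 0 ]; then
    lint_openssl_conf "$1"
else
    sample_wrapped_conf | lint_openssl_conf - || true
fi
```

Run it against the generated .config file before the CSR step; a clean file prints nothing and returns 0.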

pmstewart
Creating custom wildcard cacert.org certificate
« Reply #26 on: March 28, 2007, 03:09:29 PM »
Sorry, I wasn't watching the thread like I should have.

Quote


[root@~]# cat /root/cacert/domain.com.config
HOME = .
RANDFILE = $ENV::HOME/.rnd

[ req ]
default_bits = 1024
distinguished_name = req_distinguished_name
req_extensions = v3_req
prompt = no

[ req_distinguished_name ]
CN = domain.com

[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation,digitalSignature,keyEncipherment
subjectAltName = critical,DNS:domain.com,DNS:*.domain.com


hope this helps.......

kingjm
upgrade 7.1.3 no https from outside
« Reply #27 on: April 17, 2007, 05:11:56 PM »
I have upgraded to the current version and now I can access https:// only from inside the network not from the outside. Could this have anything to do with these certs? I can still access my imaps from outside.

any ideas where to look?
edit just found this post about certs being reset
http://forums.contribs.org/index.php?topic=36334.0

shell
Creating custom wildcard cacert.org certificate
« Reply #28 on: May 16, 2007, 05:20:57 AM »
trying the process from this thread but after running the script
(which doesn't ask for input):?
i have the script and 3 files - all for my primary domain.  

i assume i am wanting the .key, .csr and .config for the other domains on my server, so if there are 4 virtual domains i would be expecting 12 other files.

anyone know if this process is still valid?  running 7.1.3
or more likely i'm doing something wrong...

WHICH I WAS!!!
"This will create a certificate that includes all domains that exists on your sme box as both simple domain.com and wildcard *.domain.com."
Have noted the "a certificate"
My beef.... sorry :oops:

cosmin

CA Certificate and Webmail
« Reply #29 on: May 21, 2007, 01:19:06 PM »
After installing a new CA certificate I can no longer connect to webmail. In the logs I have:

May 20 22:46:34 main HORDE[4221]: [imp] FAILED LOGIN 85.186.x.x to localhost:143[imap/notls] as cosmin [on line 258 of "/home/httpd/html/horde/imp/lib/Auth/imp.php"]

2007-05-20 22:46:34.731791500 imapfront-auth[7672]: * OK imapfront ready.
2007-05-20 22:46:34.734150500 2007.05.20 19:46:34 LOG5[7671:3086706368]: Using 'imap' as tcpwrapper service name
2007-05-20 22:46:34.738671500 2007.05.20 19:46:34 LOG3[7671:3086706368]: Error reading certificate file: imapd.pem
2007-05-20 22:46:34.738792500 2007.05.20 19:46:34 LOG3[7671:3086706368]: SSL_CTX_use_certificate_chain_file: error:0906D066:PEM routines:PEM_read_bio:bad end line
2007-05-20 22:46:34.758962500 tcpsvd: info: end 7671 exit 1
2007-05-20 22:46:34.758969500 tcpsvd: info: status 0/400

What must I do to make it work? For now I have deleted the .crt and .key files and removed them from the config too, and webmail works again (but it keeps saying that the certificate is wrong).

Thanks
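
Added example (not from the thread or from SME Server): OpenSSL reports "bad end line" when a PEM END line does not parse, so a structural check of a bundle such as the imapd.pem named in the log above can narrow the problem down. The function name and the sample, a constructed bundle where one boundary line is fused to the next, are illustrative assumptions and not a diagnosis of the poster's file.

```shell
#!/bin/sh
# Added example. check_pem FILE ("-" reads stdin): every "-----" line must be
# a well-formed BEGIN/END boundary and the labels must pair up.
# Prints one row per finding; exit status 1 if any.
check_pem() {
    awk '
        { sub(/\r$/, "") }                       # tolerate CRLF input
        /-----/ {
            if ($0 ~ /^-----BEGIN [A-Z0-9 ]+-----$/) {
                if (cur != "") {
                    printf "%d: BEGIN inside unfinished %s block\n", NR, cur
                    bad = 1
                }
                cur = substr($0, 12, length($0) - 16)
            } else if ($0 ~ /^-----END [A-Z0-9 ]+-----$/) {
                label = substr($0, 10, length($0) - 14)
                if (label != cur) {
                    printf "%d: END %s does not close BEGIN %s\n", NR, label, cur
                    bad = 1
                }
                cur = ""
            } else {
                printf "%d: malformed boundary line: %s\n", NR, $0
                bad = 1
            }
        }
        END {
            if (cur != "") { printf "unterminated %s block\n", cur; bad = 1 }
            exit bad
        }
    ' "$1"
}

# Constructed sample with placeholder base64 (no real key material): the
# certificate had no final newline when the key was appended to it.
sample_fused_pem() {
    printf '%s\n' \
        '-----BEGIN CERTIFICATE-----' \
        'QUJD' \
        '-----END CERTIFICATE----------BEGIN RSA PRIVATE KEY-----' \
        'REVG' \
        '-----END RSA PRIVATE KEY-----'
}

if [ "$#" -gt 0 ]; then
    check_pem "$1"
else
    sample_fused_pem | check_pem - || true
fi
```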