On Mon, 28 Jul 2014, Dave Huang wrote:
> http://www.washington.edu/imap/documentation/SSLBUILD.html makes it sound like there's no configuration setting for the key/certificate path. Putting a private key in /etc/openssl/certs sounds bad for security to me, but maybe I'm making it a bigger deal than it really is.
Well, the contents of the certs directory are all set to 644, while the ca.key (in /etc/openssl/private/) is 600, so it also feels bad to me.
> In any case, that page says, "The imapd.pem and ipop3d.pem must contain a private key and a certificate. The private key must not be encrypted." So, you'll need to find the file that contains the private key that matches that certificate, cat the key and the certificate together, and put the combined file at /etc/openssl/certs/imapd.pem
This works. But still not so sure that I want the key file to be world readable...
Why would the _server_ need to access the key? Wouldn't it make more sense for the _client_ to prove it possesses the key?
-------------------------------------------------------------------------
| Paul Goyette     | PGP Key fingerprint:     | E-mail addresses:       |
| Customer Service | FA29 0E3B 35AF E8AE 6651 | paul at whooppee.com    |
| Network Engineer | 0786 F758 55DE 53BA 7731 | pgoyette at juniper.net |
| Kernel Developer |                          | pgoyette at netbsd.org  |
-------------------------------------------------------------------------
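
The procedure discussed in this message, as an added example (not part of the original mail and not code from the UW imapd project): it builds the combined key-plus-certificate file with mode 0600 from the moment it is created, then audits the result against the requirements quoted from SSLBUILD.html. The function names are hypothetical, and it assumes the daemon opens the file as its owner (for example root), which the thread does not state.

```shell
#!/bin/sh
# Added example: build and audit a combined key+certificate PEM file.
# Function names are hypothetical; paths are supplied by the caller.
# Assumption: the daemon reads the file as its owner, so 0600 is sufficient.

# key_matches_cert KEY CERT: succeed only if both carry the same public key.
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# build_combined_pem KEY CERT OUT: write key then certificate, owner-only.
build_combined_pem() {
    (
        umask 077    # created as 0600, never briefly world-readable
        # Write to a temporary name and rename, so an existing 0644 file
        # is replaced rather than reused with its old permissions.
        cat "$1" "$2" > "$3.tmp.$$" && mv -f "$3.tmp.$$" "$3"
    )
}

# audit_combined_pem FILE: print one line per finding; return 0 only if none.
audit_combined_pem() {
    rc=0
    grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$1" ||
        { echo "no private key block"; rc=1; }
    grep -q -e '-----BEGIN CERTIFICATE-----' "$1" ||
        { echo "no certificate block"; rc=1; }
    # Encrypted keys: PKCS#8 header, or the legacy Proc-Type line.
    if grep -q -e 'BEGIN ENCRYPTED PRIVATE KEY' -e 'Proc-Type: 4,ENCRYPTED' "$1"; then
        echo "private key is encrypted"; rc=1
    fi
    # Characters 5-10 of the ls mode string are the group and other bits.
    if [ "$(ls -ld "$1" | cut -c5-10)" != "------" ]; then
        echo "group/other can access the file"; rc=1
    fi
    return $rc
}
```

Run key_matches_cert on the real key and certificate before build_combined_pem; in the thread's setup the output path would be /etc/openssl/certs/imapd.pem.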