Integrate certificate manager
Migrated from: https://tracker.clearos.com/view.php?id=2301
Reported by: Peter Baldwin
The IMAP server generates its own dummy set of certificates in /etc/pki/cyrus-imapd. Many clients barf on those certificates:
- Example 1: 0002253
- Example 2: the certificates expire after a year, and some versions of Outlook don't like that
At the very least, these dummy certificates should be replaced with the system certificates generated by the Certificate Manager, as suggested in 0002253. In addition, the IMAP server should have a hook into third-party certificates as described in 0002300 (create a new tracker for this if required).
A command line workaround is posted below:
- If you have not already done so, install and configure the ClearOS "Certificate Manager" app. This app creates proper self-signed certificates that can be used by various systems.
- Copy the ClearOS certificates into the IMAP server configuration area:
    cp /etc/pki/CA/sys-0-cert.pem /etc/pki/cyrus-imapd/
    cp /etc/pki/CA/private/sys-0-key.pem /etc/pki/cyrus-imapd/
    chmod 640 /etc/pki/cyrus-imapd/*.pem
    chown root:mail /etc/pki/cyrus-imapd/*.pem
- Update the IMAP server configuration to use the ClearOS certificates instead of the default localhost.localdomain certificates. In /etc/imapd.conf:
    tls_cert_file: /etc/pki/cyrus-imapd/sys-0-cert.pem
    tls_key_file: /etc/pki/cyrus-imapd/sys-0-key.pem
    tls_ca_file: /etc/pki/CA/ca-cert.pem
- Restart the IMAP server:
    systemctl restart cyrus-imapd
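
A check that can be run after the copy and before the restart, added here as an example and not part of the original tracker entry: it confirms that the key matches the certificate, that the certificate verifies against the CA file, that it is not about to expire, and that the key is not accessible to other users. The function names, the 30-day threshold and the sample subject names are assumptions; the file paths are passed as arguments.

```shell
#!/bin/sh
# Added example (not from the tracker entry): pre-flight check for the files
# that tls_cert_file, tls_key_file and tls_ca_file point at.
# Usage: sh check_imap_tls.sh CERT KEY CA
MIN_DAYS=30   # assumption: fail when fewer than 30 days of validity remain

check_tls_pair() {
    cert=$1; key=$2; ca=$3; rc=0
    # 1. Certificate and private key must carry the same public key.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: $key is not the private key for $cert"; rc=1
    fi
    # 2. Certificate must chain to the CA that clients are asked to import.
    if ! openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1; then
        echo "FAIL: $cert does not verify against $ca"; rc=1
    fi
    # 3. An expired or nearly expired certificate brings the client warnings back.
    if ! openssl x509 -in "$cert" -noout -checkend $((MIN_DAYS * 86400)) >/dev/null 2>&1; then
        echo "FAIL: $cert expires within $MIN_DAYS days"; rc=1
    fi
    # 4. The copied key must not be accessible to "other" (the workaround uses mode 640).
    other=$(ls -ld "$key" 2>/dev/null | cut -c8-10)
    if [ "$other" != "---" ]; then
        echo "FAIL: $key is accessible to other users (bits: ${other:-missing})"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: $cert, $key and $ca are consistent"
    return "$rc"
}

# Throwaway CA and server certificate for trying the check (constructed test data).
make_sample() {
    d=$1; days=${2:-365}
    openssl req -x509 -newkey rsa:2048 -nodes -subj "/CN=Sample CA" -days 365 \
        -keyout "$d/ca-key.pem" -out "$d/ca-cert.pem" >/dev/null 2>&1 &&
    openssl req -newkey rsa:2048 -nodes -subj "/CN=mail.example.test" \
        -keyout "$d/key.pem" -out "$d/req.pem" >/dev/null 2>&1 &&
    openssl x509 -req -in "$d/req.pem" -CA "$d/ca-cert.pem" -CAkey "$d/ca-key.pem" \
        -CAcreateserial -days "$days" -out "$d/cert.pem" >/dev/null 2>&1 &&
    chmod 640 "$d/key.pem"
}

if [ "$#" -eq 3 ]; then check_tls_pair "$@"; fi
```

For the workaround above, the three arguments are /etc/pki/cyrus-imapd/sys-0-cert.pem, /etc/pki/cyrus-imapd/sys-0-key.pem and /etc/pki/CA/ca-cert.pem.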
At this point, your mail client will be presented with the certificates generated by the ClearOS Certificate Manager. If you still keep seeing the pop-up message after the first confirmation, import the "Certificate Authority" file from the ClearOS system, i.e.:
- Go to "System - Certificate Manager" in the ClearOS menu
- Click on "View" for the "Certificate Authority"
- Click on "Install" to install the certificate (not all browsers support this, so you may have to click on "Download" and then follow your web browser's instructions on how to import that file).