Security certificate confusion

3 posts / 0 new
Last post
#1 Fri, 01/31/2014 - 12:16
groston

Security certificate confusion

When I open Outlook, it pops up the "The server you are connected to is using a security certificate that cannot be verified." warning. When I click 'View Certificate', the one shown is issued by example.com. This is obviously some type of default, but I am not sure why I am seeing that.

I Went to Virtualmin->Server Configuration->Manage SSL Certificate. I created a Signing Request, then visited StartSSL and obtained a certificate. I then chose the tab Update Certificate and Key and entered the appropriate information. I then chose the tab CA Certificate and entered the appropriate information. I then restarted the SSH Server, the Apache Server (after modifying the conf file), and the postfix server (after modifying the conf file). [Side note: When I uncommented the lines in master.cf, all incoming email were rejected - the error message in maillog was Client host rejected: Access denied]

The Current Certificate tab shows 'This SSL certificate is already being used by : Postfix, Usermin, Webmin, Dovecot', but I still get the warning.

I did notice that the files /etc/postfix/postfix.cert.pem and /etc/postfix/postfix.key.pem are not the same as the files which were just created. since /etc/postfix/main.cf 'points' to these files, my guess is that this is the root cause of the problem. The files in /home/virtserver are: ca.pem, cub.class1.server.ca.pem, ssl.ca, ssl.cert, ssl.csr, and ssl.key.

I also cannot find the 'Install to Postfix' button to which many posts refer.

I am obviously missing a step - any suggestions?

Fri, 01/31/2014 - 13:54
andreychek

Howdy,

You may be running into a bug in the way Virtualmin handles SSL certificates on some machines.

There's actually a fix for that bug in the new Virtualmin version, which is in the process of being released (4.05). My suggestion would be to update to it when it's available, and then to try the process of copying out your Postfix certificate again, and see if that resolves your issue.

-Eric

Sat, 02/08/2014 - 17:20
groston

Eric,

I do not know if my experience is due to a bug. I do know that the problem was caused by the new security certificate files' not being copied over the default ones. Anyway, the problem is resolved.

Topic locked