|
what canonical name for dovecot imaps cert/key?
Hi there
I have my servers behind a single I.P(my router's external I.P). I want to be able to get mail from dovecot, via imaps, from my internal LAN and from the Internet. So far i've only used dovecot from the LAN.
I'm just wondering about how to test if the dovecot.pem keyfile and dovecot.pem cert file were created correctly on my imaps server?. When i connect to my dovecot imaps server, mutt always asks me if i want to accept the certificate(every time i connect...even though i've opted for (a)lways accept on all previous connection attempts).
Another issue is that i was thinking that i might have put the incorrect canonical name when i used mkcert.sh to create the cert/keyfiles?. Bearing in mind that there is no mx record in DNS for the mail server(both my servers will be acessed using a name that is associated with my router's external i.p) the imaps server should have just this domainname as the canonical name when the cert/key is created right?. I think the cert was created using the full hostname+domainname. I have a webserver and a mail server and the domainname associated with my router's external i.p is the full name of the web server(hostname+domainname). So the canonical name i used when creating the cert/key, for my mail server, i think, was mailserver.webserver.domain.org. I understand that this might be wrong if mail is to be accessed from the LAN and the net, right?
How do i see if the name in the cert/key is what mutt expects with the openssl comandline tools? The cert/key needs to be regenerated using mkcert.sh and the canonical name set to just domainname(router's external I.P)? (i'm o.k with a self-signed cert/key).
Thank you very much for your time
|
