LinuxQuestions.org


sigtau66 07-11-2006 10:41 AM

TLS (SSL) Between Sendmail and Outlook
 
Hi all. I've been scouring Google and this website for the past 2 days trying to get a resolution to my issue. I've set up Sendmail on an FC5 box. The only customers using Outlook through this server want SSL enabled. That's fine, I did that already as a default and just enabled it through the sendmail config. Now, my issue is that annoying message that pops up every time in Outlook when you first open it and send/receive.

Quote:

The server you are connected to is using a security certificate that could not be verified. A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.

Now, I'm a relative noob on setting up Sendmail. This is now my second time setting it up and even though both have worked, I'm sure it's not ideal. I'm also not an expert in the world of Linux, though I can hold my own. With that said, in this instance, I will need some hand holding.

Now, on to what I've done. I've followed some how-tos on setting up Sendmail with TLS and created 3 pem files in /etc/mail/certs and that is where my Sendmail config is pointing to. I have Dovecot configured for pop3 and imap access. I have the dovecot-openssl.cnf in /etc/pki/dovecot configured so that when I create the keys, they have the right information, namely that the CN matches what Outlook will connect to. In /etc/pki/dovecot/certs and /etc/pki/dovecot/private I have a dovecot.pem that was created. Following further instructions on how to create a .p12, I did that, from the dovecot.pem files, so that I could manually import the certificate into Outlook thinking that would resolve my issue.

Now, I can check the certificates in IE and see that it's there under Trusted Root Certification Authorities, is issued to and by the same server name that Outlook is connecting to, but every time I send/receive in Outlook, I'm prompted by that message. I'm completely at a loss here. The only thing that I can come up with is that my machine is bugged and it's not the actual certificates that are the issue. Can anybody else shed some light for me?

Thanks.

unSpawn 07-11-2006 07:56 PM

Quote:

terminated in a root certificate which is not trusted by the trust provider.

You exported the certificate signed by your CA but you didn't export that root CA Certificate. IIGC it goes something like: "openssl pkcs12 -export -in dovecot.pem -inkey CA.key -out CA.p12" and then import the CA.p12 file in the Trusted Root Certification Authorities Store.

sigtau66 07-12-2006 10:51 AM

I think at this point, I don't quite understand the certificates and why I created what I created from the instructions I followed. That's probably where I'm getting lost at. So to give further information, here are the commands I followed while setting up Sendmail and Dovecot.

For sendmail, I did this:

Quote:

openssl req -new -x509 -keyout cakey.pem -out cacert.pem -days 365

Quote:

openssl req -nodes -new -x509 -keyout sendmail.pem -out sendmail.pem -days 365

Those are located in /etc/mail/certs

Then for Dovecot, I ran the mkcert.sh script which is configured to create the certs in /etc/pki/dovecot/certs and /etc/pki/dovecot/private

That script creates 2 files called dovecot.pem in their respective directories.

Now, what I don't understand is which ones am I supposed to use to create the export file. I think I've tried every combination, but I've yet to get it to work.

Also, I'm new to the certificate world, so I'm still trying to get a handle on them.

Once again, thanks for any assistance you can give!

sigtau66 07-14-2006 11:20 AM

Still looking for assistance. I haven't been able to figure this one out yet.

Thanks!

unSpawn 07-14-2006 12:48 PM

Maybe "2.4. Install the CA root certificate as a Trusted Root Certificate" from the SSL Certificates HOWTO can help.
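
Added example, not part of the thread: the two `openssl req ... -x509` commands quoted above each produce an independent self-signed certificate, so sendmail.pem is not issued by cacert.pem and trusting cacert.pem on the client does not cover it. The script below reproduces that, builds a CA-signed server certificate for comparison, and checks both with `openssl verify`; the host name, CA name, and the .key/.csr/.cer file names are assumptions.

```shell
#!/bin/sh
# Added example; HOST, the CA name and the extra file names are assumptions.
HOST="mail.example.com"   # placeholder for the name Outlook connects to

new_ca() {  # $1 = dir. -nodes only so this runs unattended; protect a real CA key.
    openssl req -new -x509 -nodes -newkey rsa:2048 -days 365 \
        -subj "/CN=Example Mail CA" \
        -keyout "$1/cakey.pem" -out "$1/cacert.pem" 2>/dev/null
}

# The thread's approach: a second -x509 run, i.e. another self-signed certificate.
make_self_signed() {      # $1 = output directory
    new_ca "$1"
    openssl req -new -x509 -nodes -newkey rsa:2048 -days 365 -subj "/CN=$HOST" \
        -keyout "$1/sendmail.key" -out "$1/sendmail.pem" 2>/dev/null
}

# CA-signed variant: a CSR for the server, issued with the CA key.
make_ca_signed() {        # $1 = output directory
    new_ca "$1"
    openssl req -new -nodes -newkey rsa:2048 -subj "/CN=$HOST" \
        -keyout "$1/sendmail.key" -out "$1/sendmail.csr" 2>/dev/null
    openssl x509 -req -in "$1/sendmail.csr" -days 365 \
        -CA "$1/cacert.pem" -CAkey "$1/cakey.pem" -CAcreateserial \
        -out "$1/sendmail.pem" 2>/dev/null
    # Clients need the CA certificate only (DER, no private key inside).
    openssl x509 -in "$1/cacert.pem" -outform DER -out "$1/cacert.cer"
}

is_self_signed() {        # $1 = certificate; true when issuer equals subject
    [ "$(openssl x509 -in "$1" -noout -issuer  | sed 's/^issuer= *//')" = \
      "$(openssl x509 -in "$1" -noout -subject | sed 's/^subject= *//')" ]
}

chain_ok() {              # $1 = dir; true only if sendmail.pem chains to cacert.pem
    openssl verify -CAfile "$1/cacert.pem" "$1/sendmail.pem" >/dev/null 2>&1
}

work=$(mktemp -d)
make_self_signed "$work"
chain_ok "$work" || echo "self-signed pair: sendmail.pem does not chain to cacert.pem"
make_ca_signed "$work"
chain_ok "$work" && echo "CA-signed: import $work/cacert.cer into Trusted Root Certification Authorities"
```

Only cacert.cer goes to the Outlook machines; cakey.pem and sendmail.key stay on the server.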

wls 08-30-2006 09:40 PM

Trusting sendmail root CA
 
If the end user opens the site via IE, on the smtps/imaps ports, the certificates should install (with prompts) and thereafter Outlook will trust them.

i.e.

https://mail.yourhost.ca:465

and

https://mail.yourhost.ca:993


All times are GMT -5.