This is probably of no interest to anyone whatsoever. Except me, in a few months’ time when I try to configure another mail server – and can’t remember how to generate certificates for Windows.
So first off, create the certificates for your Cyrus IMAP server (you’ve already set all that up, right?):
openssl req -new -nodes -out req.pem -keyout key.pem
openssl rsa -in key.pem -out new.key.pem
openssl x509 -in req.pem -out ca-cert -req \
-signkey new.key.pem -days 999
cp new.key.pem /var/imap/server.pem
cat ca-cert >> /var/imap/server.pem
chown cyrus:mail /var/imap/server.pem
chmod 600 /var/imap/server.pem # Your key should be protected
echo tls_ca_file: /var/imap/server.pem >> /etc/imapd.conf
echo tls_cert_file: /var/imap/server.pem >> /etc/imapd.conf
echo tls_key_file: /var/imap/server.pem >> /etc/imapd.conf
Then generate the certificate for the client.
openssl pkcs12 -export -in /var/imap/server.pem -inkey /var/imap/server.pem -out iestuff.p12 # iestuff.p12 also holds the server's private key
You’ll need to add that iestuff to your trusted certificates – but that’s pretty much it 🙂 No more annoying messages from Outlook.
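A check for the combined server.pem built above, as an added example that is not part of the original post: it confirms the file is owner-only, that the private key and certificate inside it belong together, and that the certificate is not about to expire. The function names, the temp directory and the `imap.example.test` subject are assumptions made for the demo.

```shell
#!/bin/sh
# Added example: checks for a combined key+certificate PEM such as server.pem.

# Build a constructed sample with the page's commands in a temp directory.
# -subj (constructed CN) only replaces the interactive prompts.
make_sample() {
    d=$(mktemp -d) || return 1
    (
        cd "$d" && umask 077 &&
        openssl req -new -nodes -subj "/CN=imap.example.test" \
            -out req.pem -keyout key.pem 2>/dev/null &&
        openssl rsa -in key.pem -out new.key.pem 2>/dev/null &&
        openssl x509 -in req.pem -out ca-cert -req \
            -signkey new.key.pem -days 999 2>/dev/null &&
        cat new.key.pem ca-cert > server.pem &&
        chmod 600 server.pem
    ) >/dev/null || return 1
    echo "$d"
}

# Succeeds only if the file is owner-only, the private key and certificate
# belong together, and the certificate is valid for $2 more days (default 30).
check_server_pem() {
    f=$1; days=${2:-30}
    # Characters 5-10 of the ls mode string are the group and other bits.
    [ "$(ls -ld "$f" | cut -c5-10)" = "------" ] ||
        { echo "FAIL: $f is accessible to group or other" >&2; return 1; }
    # -passin pass: makes an encrypted key fail instead of prompting.
    key_pub=$(openssl pkey -in "$f" -passin pass: -pubout 2>/dev/null) ||
        { echo "FAIL: no readable private key in $f" >&2; return 1; }
    crt_pub=$(openssl x509 -in "$f" -noout -pubkey 2>/dev/null) ||
        { echo "FAIL: no certificate in $f" >&2; return 1; }
    [ "$key_pub" = "$crt_pub" ] ||
        { echo "FAIL: key and certificate do not match" >&2; return 1; }
    openssl x509 -in "$f" -noout -checkend $((days * 86400)) >/dev/null ||
        { echo "FAIL: certificate expires within $days days" >&2; return 1; }
    echo "OK: $f"
}

# Demo on the constructed sample.
dir=$(make_sample) && check_server_pem "$dir/server.pem"
rm -rf "$dir"
```

On the mail server itself, call `check_server_pem /var/imap/server.pem` as root after the chmod step.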