Cyrus Certificate Authentication

This is probably of no interest to anyone whatsoever. Except me, in a few months time when I try and configure another mail server – and can’t remember how to generate certificates for Windows.

So first off, create the certificates for your Cyrus IMAP server (you’ve already set all that up, right?)

openssl req -new -nodes -out req.pem -keyout key.pem
openssl rsa -in key.pem -out new.key.pem
openssl x509 -in req.pem -out ca-cert -req \
-signkey new.key.pem -days 999
mkdir /var/imap
cp new.key.pem /var/imap/server.pem
rm new.key.pem
cat ca-cert >> /var/imap/server.pem
chown cyrus:mail /var/imap/server.pem
chmod 600 /var/imap/server.pem # Your key should be protected
echo tls_ca_file: /var/imap/server.pem >> /etc/imapd.conf
echo tls_cert_file: /var/imap/server.pem >> /etc/imapd.conf
echo tls_key_file: /var/imap/server.pem >> /etc/imapd.conf

Then generate the certificate for the client.

openssl pkcs12 -export -in server.pem -inkey server.pem -out iestuff.p12

You’ll need to add that iestuff to your trusted certificates – but that’s pretty much it ๐Ÿ™‚ No more annoying messages from Outlook.

Tags: , , , ,

One Comment

  1. Is this one of those Magic recipes for “The Best Christmas Pudding Ever” ?

    If it is, I’m not sure I’ll need it, as I don’t really like Christmas Pudding….but thanks anyway ๐Ÿ˜€

Leave a Reply?