Kolab 3.3 and Snakeoil (aka Self Signed) Certificates

[Enrico Tagliavini]

Hi Foster,

I use a self made CA for my kolab installation. This is not really a self
signed certificate, the CA root cert is self signed indeed (as all root
certs), but the principle is the same for "normal" certificates and it
works as expected provided you add the CA to the trusted list (in debian
this can be done by putting the public cert in
/usr/local/share/ca-certificates/ and running update-ca-certificates, in
centos it is different FTR).

Self signed certs might not work since some application might simply refuse
them, for security reasons (or because they are actually generated
incorrectly). My suggestion would be to roll your own CA instead of using a
self signed certificate. You can use a program like XCA
http://sourceforge.net/projects/xca/ to manage it. It is a way easier and
more understandable than openssl CA.sh.

You can also request free certificates from some authorities, like
https://www.startssl.com/ . Granted this is the bare minimum, no wildcards
and such, but this is signed by a recognized CA.

Best regards.

Enrico

On 5 October 2014 00:23, Foster, Nate <nate.foster at puresolar.us> wrote:

> I'm getting ready to harden an installation of Kolab 3.3 (running on
> debian wheezy) however I need to use a snakeoil (self-signed) certificate.
> All the docs that I've read cover using a trusted certificate signed by an
> authority.
>
>
> Does anyone have any suggestions or know of documentation on using a
> snakeoil certificate?  I've tried a couple different approaches to get this
> to work however, I've had no success using my self signed certificate.
>
> Many thanks!
>
> Nate
> _______________________________________________
> users mailing list
> users at lists.kolab.org
> https://lists.kolab.org/mailman/listinfo/users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kolab.org/pipermail/users/attachments/20141006/adecbcd2/attachment.html>