[solved]Re: HOWTO: Secure all Kolab Services

Johannes Kehrer Johannes at kehrer.by
Mon Apr 6 14:49:36 CEST 2015


Hi,
just for completeness:
The problem was, that in the tutorial I mentioned, the files
example.org.crt and example.ort.ca-chain.pem were copied to the 
..../tls/private directory, but later in the postfix configuration the directory 
..../tls/certs was stated. Copying the files to the certs directory solved the 
problem.

Just in case, someone else sees the same problem.....

Kind regards,
Johannes

Am Sonntag, 5. April 2015, 20:09:38 schrieb Johannes Kehrer:
> Dear All,
> Now I have found a pretty good tutorial how to secure the services:
> "https://gist.github.com/dhoffend/7008915".
> 
> However, if I follow the tutorial step by step, the following out is shown
> with the command "openssl s_client -showcerts -connect localhost:993":
> 
> "depth=0 C = DE, CN = mail.example.org, emailAddress = johannes at example.org
> verify error:num=20:unable to get local issuer certificate
> verify return:1
> depth=0 C = DE, CN = mail.example.org, emailAddress = johannes at example.org
> verify error:num=27:certificate not trusted
> verify return:1
> depth=0 C = DE, CN = mail.example.org, emailAddress = johannes at example.org
> verify error:num=21:unable to verify the first certificate
> verify return:1
> "
> 
> What puzzles me, is the message "unable to get local issuer certificate" and
> then "certificate not trusted".
> Can anybody explain?
> 
> Thankes,
> Johannes
> 
> Am Sonntag, 5. April 2015, 16:56:08 schrieb Johannes Kehrer:
> > Dear All,
> > I read the instructions to secure the Kolab Services on
> > "http://docs.kolab.org/howtos/secure-kolab-server.html".
> > I am using Centos 7
> > 
> > However, step 4 is not clear to me at all (sorry, if it is a naive
> > question):
> > 
> > It sais, Add an SSL group. In the example of the step it shows the
> > command
> > "# *chown root:mail /etc/pki/tls/private/example.org.key"*
> > 
> > Shouldn't it be "root:SSH"?
> > Which users have to be added to the group SSH?
> > 
> > Could anybody clarify?
> > 
> > Thanks in advance,
> > Johannes

-- 
Johannes Kehrer
Otto-Hahn-Weg 22
88046 Friedrichshafen
Germany

Tel.: +49 7541 5909784
Mobile: +49 170 9058278

Email: johannes at kehrer.by


More information about the users mailing list