[Bug 59642] Re: mkcert.sh dovecot-openssl.cnf
ubuntu@ubuntu-bionic:~$ grep mkcert /etc/dovecot/conf.d/10-ssl.conf # root. Included doc/mkcert.sh can be used to easily generate self-signed ubuntu@ubuntu-bionic:~$ locate mkcert.sh /usr/share/dovecot/mkcert.sh Originally reported issue appears to be fixed now. ** Changed in: dovecot (Ubuntu) Status: Confirmed => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/59642 Title: mkcert.sh dovecot-openssl.cnf To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/dovecot/+bug/59642/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 59642] Re: mkcert.sh dovecot-openssl.cnf
/etc/dovecot/conf.d/10-ssl.conf, ll. 11-12: Included doc/mkcert.sh can be used to easily generate self-signed certificate [...] At the very least, the comment in the conf should be fixed. The way it is, I read that, locate'd unsuccessfully, scratched my head, did a web search and... here I am. Sub-optimal. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to dovecot in Ubuntu. https://bugs.launchpad.net/bugs/59642 Title: mkcert.sh dovecot-openssl.cnf To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/dovecot/+bug/59642/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 59642] Re: mkcert.sh dovecot-openssl.cnf
/etc/dovecot/conf.d/10-ssl.conf, ll. 11-12: Included doc/mkcert.sh can be used to easily generate self-signed certificate [...] At the very least, the comment in the conf should be fixed. The way it is, I read that, locate'd unsuccessfully, scratched my head, did a web search and... here I am. Sub-optimal. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/59642 Title: mkcert.sh dovecot-openssl.cnf To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/dovecot/+bug/59642/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 59642] Re: mkcert.sh dovecot-openssl.cnf
I'll throw my weight behind adding mkcert.sh to the package. The rationale is that if you google for dovecot ssl you'll be presented with the dovecot.org wiki pages that describe using mkcert.sh. So naturally you're going to want to try that simple approach and will fail on Ubuntu. Simple self-signed certificates are perfectly fine in a homebrew network. When I'm out on the road, I just want an encrypted tunnel to the imap server (and smtp server) on my home network. I trust my own signed certs, so I don't need anything else. The lack of mkcert.sh in the Ubuntu package for dovecot makes life harder. -- mkcert.sh dovecot-openssl.cnf https://bugs.launchpad.net/bugs/59642 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to dovecot in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 59642] Re: mkcert.sh dovecot-openssl.cnf
I'll throw my weight behind adding mkcert.sh to the package. The rationale is that if you google for dovecot ssl you'll be presented with the dovecot.org wiki pages that describe using mkcert.sh. So naturally you're going to want to try that simple approach and will fail on Ubuntu. Simple self-signed certificates are perfectly fine in a homebrew network. When I'm out on the road, I just want an encrypted tunnel to the imap server (and smtp server) on my home network. I trust my own signed certs, so I don't need anything else. The lack of mkcert.sh in the Ubuntu package for dovecot makes life harder. -- mkcert.sh dovecot-openssl.cnf https://bugs.launchpad.net/bugs/59642 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 59642] Re: mkcert.sh dovecot-openssl.cnf
** Changed in: dovecot (Ubuntu) Importance: Medium = Wishlist -- mkcert.sh dovecot-openssl.cnf https://bugs.launchpad.net/bugs/59642 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to dovecot in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 59642] Re: mkcert.sh dovecot-openssl.cnf
** Changed in: dovecot (Ubuntu) Importance: Medium = Wishlist -- mkcert.sh dovecot-openssl.cnf https://bugs.launchpad.net/bugs/59642 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 59642] Re: mkcert.sh dovecot-openssl.cnf
you asked for examples of where your argument the current solution is adequate if not even a plus is not valid - creating certificates for use with cacert.org. I thought you agreed to this in comment 7. If I am mistaken, then please tell me how you think one should go about creating and recreating ssl certificates for use with cacert.org. Thank you. -- mkcert.sh dovecot-openssl.cnf https://bugs.launchpad.net/bugs/59642 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
Re: [Bug 59642] Re: mkcert.sh dovecot-openssl.cnf
On Mon, Aug 27, 2007 at 09:00:38AM -, Rolf Leggewie wrote: you asked for examples of where your argument the current solution is adequate if not even a plus is not valid - creating certificates for use with cacert.org. I thought you agreed to this in comment 7. You've completely lost me here. I thought you suggested using CACert.org instead of setting up a CA yourself? If I am mistaken, then please tell me how you think one should go about creating and recreating ssl certificates for use with cacert.org. Thank you. You don't create certificates for use with CACert. CACert is a CA, meaning *they* provide *you* with certificates based on CSR's. CACert documents how to create a CSR here: http://www.cacert.org/help.php?id=4 How did mkcert.sh help you in this respect? -- Soren Hansen Ubuntu Server Team http://www.ubuntu.com/ -- mkcert.sh dovecot-openssl.cnf https://bugs.launchpad.net/bugs/59642 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 59642] Re: mkcert.sh dovecot-openssl.cnf
There is a similar issue with apache2: See bug 77675. One suggestion could be to add a shell script to replace mkcert.sh that just tells the user to use the ssl-cert package. That way, all the documentation that refers to mkcert,sh is still valid and a pointer is given to use a better solution. -- mkcert.sh dovecot-openssl.cnf https://bugs.launchpad.net/bugs/59642 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
Re: [Bug 59642] Re: mkcert.sh dovecot-openssl.cnf
On Wed, Aug 01, 2007 at 02:58:02PM -, Rolf Leggewie wrote: Setting to won't fix. Rationale given a few comments up. What? How come you all of the sudden completely forgot about comment 6 and 7? Reopening. What makes you think I forgot about them? In comment 5, I said: Unless someone has good arguments against it, I'll reject this bug in about a week. Comments 6 and 7 are a bit of discussion about what to do instead of using mkcert.sh. How does the fact that the two of us agreed that CACert is a good solution constitute good arguments against closing the bug? You want a reference to CACert in the documentation or what? -- Soren Hansen Ubuntu Server Team http://www.ubuntu.com/ -- mkcert.sh dovecot-openssl.cnf https://bugs.launchpad.net/bugs/59642 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 59642] Re: mkcert.sh dovecot-openssl.cnf
Setting to won't fix. Rationale given a few comments up. What? How come you all of the sudden completely forgot about comment 6 and 7? Reopening. ** Changed in: dovecot (Ubuntu) Assignee: Soren Hansen = (unassigned) Status: Won't Fix = Confirmed -- mkcert.sh dovecot-openssl.cnf https://bugs.launchpad.net/bugs/59642 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 59642] Re: mkcert.sh dovecot-openssl.cnf
Setting to won't fix. Rationale given a few comments up. ** Changed in: dovecot (Ubuntu) Status: Confirmed = Won't Fix -- mkcert.sh dovecot-openssl.cnf https://bugs.launchpad.net/bugs/59642 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 59642] Re: mkcert.sh dovecot-openssl.cnf
We have the ssl-cert package to provide simple SSL-certificates. It also allows you to regenerate them easily (see the man page for make-ssl- cert). In my opinion, providing simple means for making self-signed certificates with custom information in it will just provide a false sense of security. If you want this, the proper way to do it is to set up a proper CA and install the root certificate on each machine that needs to authenticate the server. In short: I think the lack of these scripts is in fact a good thing. If your certificate is about to expire, make-ssl-cert is the solution. If you want your own info in the certificate, you should set up a CA (which is really not very difficult. There are plenty of howtos on that subject floating around). If you insist on doing this the wrong way, you can edit /usr/share/ssl-cert/ssleay.cnf. Be aware, though, that it's not a config file in the dpkg sense, so it *will* be overwritten when ssl-cert is updated (which happens very rarely). Unless someone has good arguments against it, I'll reject this bug in about a week. ** Changed in: dovecot (Ubuntu) Assignee: (unassigned) = Soren Hansen -- mkcert.sh dovecot-openssl.cnf https://bugs.launchpad.net/bugs/59642 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 59642] Re: mkcert.sh dovecot-openssl.cnf
I think I ran into this issue when trying to set up a certificate with cacert.org (you have to create it yourself). No need to set up my own CA for that which I think is over the top whether or not there are howtos floating around. I am not a security expert, but I was looking for an unobtrusive way to provide an SSL-secured web server that my clients can access adn exchange information in a a secure fashion. The cacert.org philosophy has a lot going for it me thinks. -- mkcert.sh dovecot-openssl.cnf https://bugs.launchpad.net/bugs/59642 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 59642] Re: mkcert.sh dovecot-openssl.cnf
Rolf, you are completely right. cacert.org is definitely a really good way to go about this. I can't believe I didn't think of it. -- mkcert.sh dovecot-openssl.cnf https://bugs.launchpad.net/bugs/59642 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 59642] Re: mkcert.sh dovecot-openssl.cnf
I've copied it from fedora, it works fine. -- mkcert.sh dovecot-openssl.cnf https://bugs.launchpad.net/bugs/59642 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 59642] Re: mkcert.sh dovecot-openssl.cnf
Just had the same problem. Setting to confirmed. ** Changed in: dovecot (Ubuntu) Importance: Undecided = Medium Status: Unconfirmed = Confirmed -- mkcert.sh dovecot-openssl.cnf https://bugs.launchpad.net/bugs/59642 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 59642] Re: mkcert.sh dovecot-openssl.cnf
/usr/share/doc/dovecot-common/configuration.txt.gz is also less than optimally worded to reflect the situation. Why first say do x and then unless you are on Debian. Well, we are on Ubuntu anyway ;-) -- mkcert.sh dovecot-openssl.cnf https://bugs.launchpad.net/bugs/59642 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 59642] Re: mkcert.sh dovecot-openssl.cnf
I have the same problem, the only difference is that I don't have dovecot-openssl.cnf on my system, dpkg -L on dovecot-(common|imapd|pop3d) do not show mkcert.sh and dovecot- openssl.cnf. This is annoying when you want to setup dovecot with SSL and there are no means to accomplish this with the Ubuntu package. -- mkcert.sh dovecot-openssl.cnf https://launchpad.net/bugs/59642 -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs