dovecot and certificates

wrbbt · February 13, 2011, 11:29pm

I updated yesterday. Main change was from kde 4.5 to 4.6
Since then when I start kmail I have always a messagge about the certificate not applying to the given host.
I use kmail to connect to a dovecot imap server.
Everything worked fine before.
I know very little about certificates.
I tried to generate again the certificates (running /usr/share/doc/packages/dovecot/mkcert.sh) but I don’t know what else to do.
Any idea?

robin_listas · February 14, 2011, 1:03am

On 2011-02-13 23:36, wrbbt wrote:

> Since then when I start kmail I have always a messagge about the
> certificate not applying to the given host.

Is that the exact literal message?

–
Cheers / Saludos,

Carlos E. R.
(from 11.2 x86_64 “Emerald” at Telcontar)

wrbbt · February 14, 2011, 12:30pm

Thanks, Carlos for your answer. From your posts I got almost all I know about dovecot. So, let’s see if you can help me here too.

The exact message is:

“The server failed the authenticity check (localhost).
The certificate does not apply to the given host”

I click on “Continue” and then have another message:

“Would you like to accept this certificate forever without being prompted?”
If I click on “Forever” or “Only for this session” the result is the same. Everything works normally, but next time I start kmail I have to go through the same process.

robin_listas · February 14, 2011, 2:03pm

On 2011-02-14 12:36, wrbbt wrote:

>> Is that the exact literal message?
> Thanks, Carlos for your answer. From your posts I got almost all I know
> about dovecot. So, let’s see if you can help me here too.

Welcome

> The exact message is:
>
> “The server failed the authenticity check (localhost).
> The certificate does not apply to the given host”

Ahhh! Rings a bell. Change the configuration in the client so that it asks
for the real name of your computer instead of “localhost”. Ie, the result
of “hostname -f”.

I had a similar problem with evince.

–
Cheers / Saludos,

Carlos E. R.
(from 11.2 x86_64 “Emerald” at Telcontar)

wrbbt · February 14, 2011, 3:16pm

Gracias, Carlos.
It worked perfectly fine.

robin_listas · February 14, 2011, 4:08pm

On 2011-02-14 15:36, wrbbt wrote:

> Gracias, Carlos.
> It worked perfectly fine.

Good!
It is something to remember, then, this trick. No localhost, but full name.

–
Cheers / Saludos,

Carlos E. R.
(from 11.2 x86_64 “Emerald” at Telcontar)

wrbbt · February 14, 2011, 4:52pm

I owe you a beer.

But, why have I haven’t this problem before? It was set to localhost but it worked.

robin_listas · February 14, 2011, 5:33pm

On 2011-02-14 17:06, wrbbt wrote:
>
> I owe you a beer.
>
> But, why have I haven’t this problem before? It was set to localhost
> but it worked.

I have no idea. I think that dovecot by default allows plaintext on
localhost, so the certificate is not needed. But if the client uses tls, it
will fail, because it does not match.

It is a guess.

–
Cheers / Saludos,

Carlos E. R.
(from 11.2 x86_64 “Emerald” at Telcontar)

wrbbt · February 14, 2011, 6:09pm

OK. At least it works. It’s enough.
Thanks again