Web lists-archives.com

Re: dumb question about SSL




On Fri, Jan 11, 2019 at 10:17:05PM +0000, mick crane wrote:
> I'm having a bit of bother with my home server thingy.
> does apache, roundcube, dovecot, cups.
> is buster.
> Is problem with roundcube communicating with dovecot or something. sending
> mail times out and the settings webpage isn't working whereas it was fine  a
> week ago.
> 
> It occurs to me I don't really understand how SSL works and if problem I
> have might be to do with that not understanding.
> You can make a self signed certificate, a public, private pair
> Apache says you can make one and Dovecot says you can make one.
> So are these SSL pairs separate things or one thing in one place that
> identifies the machine.
> What happens if connect to running apache  over encryption then connect to
> running dovecot over webmail with encryption, does it expect different keys
> ?
> I'm a bit confused about it.
> are the keys particular to the machine ? the domain ? the software ?
> 
> I dunno what I've done. I think I made some keys for apache the other day to
> see if I could get ssl working ( is just local so I don't really need it,
> but anyway ) but perhaps I made keys from dovecot documentation a year or so
> ago.
> 
> Perhaps there might be an issue that I changed my local domain from "local"
> to "home" in that time. Could that have anything to do with it ?
> 
There are so many variables involved here that it is difficult to guess
at what is going wrong.

Please post specific error messages that you are seeing, either in your
client applications or in the server logs.

> Should I delete all the ssl directories I can find to see if that helps ?
> 
That sounds rather extreme and seems likely to result in causing a
different set of problems.

I taught a class a little over two years ago specifically on SSL
certificate authority and server/client certificate creation and
deployment.  If you contact me off-list, I can email you the
documentation (I never got around to posting it online).  You might find
some useful things in there.

Regards,

-Roberto

-- 
Roberto C. Sánchez