SSL Certificate not working with Thunderbird

May 1, 2014 1.2k views
DNS RECORD:

$TTL 1800
@ IN SOA ns1.digitalocean.com. hostmaster.mydomainmame.us. (
    139... ; last update: 2014-04-24 13:14:59 UTC
    3600 ; refresh
    900 ; retry
    1209600 ; expire
    1800 ; ttl
    )
    IN NS ns1.digitalocean.com.
    NS ns2.digitalocean.com.
    NS ns3.digitalocean.com.
    MX 0 mx.mydomainmame.us.
@ TXT "v=spf1 ip4:IP_ADDRESS -all"
dkim_domainkey TXT "v=DKIM1; p=" "MIGfMA0GCSqGSIb3DQEBAQUAA4..."
mydomainmame.us. IN A 107.170.223.59
mx.mydomainmame.us. IN A 107.170.223.59
www.mydomainmame.us. CNAME mydomainmame.us.

ping mydomainame.us
PING mydomainame.us (107.170.223.59) 56(84) bytes of data.
64 bytes from mydomainame.us (107.170.223.59): icmp_seq=1 ttl=44 time=73.3 ms
64 bytes from mydomainame.us (107.170.223.59): icmp_seq=2 ttl=44 time=73.9 ms
64 bytes from mydomainame.us (107.170.223.59): icmp_seq=3 ttl=44 time=74.5 ms

ping mx.mydomainname.us
PING mx.mydomainname.us (107.170.223.59) 56(84) bytes of data.
64 bytes from mydomainname.us (107.170.223.59): icmp_seq=1 ttl=44 time=75.0 ms
64 bytes from mydomainname.us (107.170.223.59): icmp_seq=2 ttl=44 time=75.3 ms
64 bytes from mydomainname.us (107.170.223.59): icmp_seq=3 ttl=44 time=75.5 ms

I got a certificate from StartSSL and put the files in /etc/apache2/ssl:

ca.pem
sub.class1.server.ca.pem
private.key
ssl.crt

I put the certs and key on the server in the correct spot. I edited the default file for apache2 and restarted Apache.

I installed iRedMail, and on one blue screen during the installation it said: "Please specify your first virtual domain name". It says it cannot be the same as the server name. I then entered mx.mydomainname.us because mydomainname.us is my host name. WAS THIS WRONG? SHOULD THE mydomainname.us NAME BE ENTERED?

https://stephenhenderson.us/mail worked and the Roundcube webmail reader popped up. So my certificate is installed and working on mydomainname.us, somewhat.

MY PROBLEM: I can't get things working with the mail clients KMail or Thunderbird.

I go to set up a new mail account in Thunderbird with name@mydomainname.us and the password. It adds an outgoing mail server for me but defaults to smp.google.com. The one it adds is mydomainname.us, not mx.mydomainname.us, which I entered in the blue box step above while installing iRedMail. This is the one Thunderbird auto-adds:

Description:
Server Name: mydomainname.us
Port: 587
User Name: name@mydomainname..us
Authentication method: Normal password
Connection Security: STARTTLS

Here is what happens when I set this as my OUTGOING MAIL SERVER and try to send mail. It wants to override how Thunderbird identifies my site mydomainname.us:587. When I try to send mail it says "This Certificate belongs to a different site." It has a Get Certificate button, but that does nothing. It has a View Certificate button, and when I push it I get this:

Could not verify this certificate because the issuer is not trusted.

Issued To
Common Name (CN) mx.mydomainname.us
Organization (O) mx.mydomainname.us
Organizational Unit (OU) IT
Serial Number xx:xx:xx...

Issued By
Common Name (CN) mx.mydomainname.us
Organization (O) mx.mydomainname.us
Organizational Unit (OU) IT

Validity
Issued On xx/xx/xxxx
Expires On xx/xx/xxxx

Fingerprint
SHA1 Fingerprint xx:xx:xx...
MD5 Fingerprint xx:xx:xx...

ANYONE KNOW WHAT'S GOING ON? IS THIS ALL BECAUSE I ENTERED mx.myservername.us instead of myservername.us in the blue box when installing iRedMail?

1 Answer
Apache is set up to see the cert, but did you edit the configuration files for postfix or dovecot? Make sure the paths to the certs are pointing to the ones you downloaded:

/etc/postfix/main.cf

 
smtpd_tls_cert_file = /etc/apache2/ssl/ssl.crt
smtpd_tls_key_file = /etc/apache2/ssl/private.key
smtpd_tls_CAfile = /etc/apache2/ssl/ca.pem
smtpd_use_tls=yes


/etc/dovecot/dovecot.conf:

 
ssl = required
ssl_cert = </etc/apache2/ssl/ssl.crt
ssl_key = </etc/apache2/ssl/private.key
ssl_ca = </etc/apache2/ssl/ca.pem
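
One way to check that Postfix and Dovecot actually point at the downloaded certificate files, as the answer advises. This is an added example, not code from the original thread; `parse_settings`, `check_tls_paths` and the sample config text are constructed for illustration, and `/etc/ssl/certs/selfsigned-example.crt` is a placeholder path.

```python
TLS_KEYS = {
    "postfix": ("smtpd_tls_cert_file", "smtpd_tls_key_file", "smtpd_tls_CAfile"),
    "dovecot": ("ssl_cert", "ssl_key", "ssl_ca"),
}
# Paths from the answer above, in (cert, key, CA) order.
EXPECTED = ("/etc/apache2/ssl/ssl.crt", "/etc/apache2/ssl/private.key",
            "/etc/apache2/ssl/ca.pem")

def parse_settings(text, continuation=False):
    """Parse 'name = value' lines; a repeated name keeps its last value."""
    settings, last = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue                              # blank line or comment
        if continuation and raw[0].isspace() and last:
            settings[last] += " " + raw.strip()   # Postfix continuation line
            continue
        name, sep, value = raw.partition("=")
        last = name.strip() if sep else None
        if sep:
            settings[last] = value.strip()
    return settings

def check_tls_paths(service, text, expected=EXPECTED):
    """Return (setting, found, wanted) for each setting missing or pointing elsewhere."""
    settings = parse_settings(text, continuation=(service == "postfix"))
    problems = []
    for key, wanted in zip(TLS_KEYS[service], expected):
        found = settings.get(key)
        if found is not None:
            found = found.lstrip("<").strip()     # Dovecot "<" means: read from file
        if found != wanted:
            problems.append((key, found, wanted))
    return problems

# Constructed samples: in main.cf a later duplicate line overrides the edited one.
SAMPLE_MAIN_CF = """\
smtpd_tls_cert_file = /etc/apache2/ssl/ssl.crt
smtpd_tls_key_file = /etc/apache2/ssl/private.key
smtpd_use_tls=yes
smtpd_tls_cert_file = /etc/ssl/certs/selfsigned-example.crt
"""
SAMPLE_DOVECOT = """\
ssl = required
ssl_cert = </etc/apache2/ssl/ssl.crt
ssl_key = </etc/apache2/ssl/private.key
ssl_ca = </etc/apache2/ssl/ca.pem
"""
```

On the constructed `main.cf`, `check_tls_paths("postfix", SAMPLE_MAIN_CF)` reports the overridden certificate path and the missing `smtpd_tls_CAfile`; pass the contents of the real files to check a server.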

