What I want to do:
Allow users to use my smtp (pop3 allready done) by email clients (ie. Outlook Express) without any stupid info, and not paying 3 party for verlifing cert
To do this I had setup ssl smtp. All if working fine. SSL pop3 works without any stupid infos, but when using SSL smtp outlook says:
A certificate you are connecting to is using a security certificate that cound not be verified.
A certificate chain processed, but terminated in a root certificate which is not trusted by trust provider
Do you want to continue using this server?
If clicked yes it works fine. So I want to elimiate this message
To do this I have to generate self signed Root CA and distributate it to users of my mail server.
here is described how to do it
I have whm/cpanel on my servers. So basicly ssl cert is the one that is generated throu WHM for WHM+cpanel. And it is in /usr/local/ssl/share/ssl/certs
I tried in many ways make this Root CA and import it into windows/outlook Root CA's store.
for example I tried to
openssl crl2pkcs7 -nocrl -certfile domain.com.crt -outform DER -out domain.com.pkcs7
there domain.com.crt was cert for WHM+cpanel
However all this failed and Outlook express still prints same message about not signed cert by root CA.
Any help will be apriciated on this one.