# mailserver problems with ssl certs mkpop3dcert [solved]

## Mgiese

hi, i am currently following this guide in order to set up my mailserver again :

http://www.gentoo.org/doc/en/virt-mail-howto.xml

i did everything as suggested but when i come to the point where i do have to create the SSL certificates, i am stuck :

```
/etc/init.d/courier-imapd-ssl start

or 

 /etc/init.d/courier-pop3d-ssl start
```

both scripts just give me an error : 

```
# mkpop3dcert

Generating a 1024 bit RSA private key

...................................++++++

..............++++++

writing new private key to '/etc/courier-imap/pop3d.pem'

-----

problems making Certificate Request

140274190419624:error:0D07A097:asn1 encoding routines:ASN1_mbstring_ncopy:string too long:a_mbstr.c:154:maxsize=2

```

any idea what could be wrong ??

 in my /etc/courier-imap/imapd.cnf(and pop3d.cnf) i changed the C,ST,L,CN parameters...

any suggestions ?

----------

## cach0rr0

I'd highly recommend simply creating the certs the old-fashioned manual way, with openssl gendsa (no des3 - same way youd manually make a cert for e.g. apache)

automagic ways just tend to be epic fail in this regard. 

if you can recreate the same behaviour using openssl by itself, the culprit is a bit easier to sort

NB: if you arent married to courier - http://whitehathouston.com/documentation/gentoo/postfix_cyrus_vhost_howto.htm

----------

## Mgiese

fixed. 

```
Probably the country name is longer than 2 characters.
```

i`d "Germany" in there instead of "DE" (/etc/courier-imap/pop3d.cnf)

but thank you !

----------

