[Dovecot] chained ssl cert not working
Chris Wakelin
c.d.wakelin at reading.ac.uk
Fri Jan 27 00:21:14 EET 2006
Timo Sirainen wrote:
> Well, I'm not sure how to say it much clearer. And I haven't tried it
> myself either, but it should be done in Dovecot the same way as it's
> done with every other server using OpenSSL. You could try to look up the
> same instructions for eg. Apache, Postfix, or whatever server.
>
> But as far as I know, it should work just by putting all the
> certificates in the chain into a single file, and pointing Dovecot to
> read that file as the certificate. So the cert file would be something
> like:
>
> -----BEGIN CERTIFICATE-----
> first cert
> -----END CERTIFICATE-----
> -----BEGIN CERTIFICATE-----
> second cert
> -----END CERTIFICATE-----
>
> Hmm. I agree that the example names in the Wiki page can be a bit
> difficult to understand, unless you know what they mean. I'd guess it
> means there that Globalsign partners has signed TDC's CA certificate,
> which has signed TDC SSL Server CA's certificate, which has signed Local
> server public certificate.
>
Well, I've just tried the chained certificate we were given by
GlobalSign for another server, and it seems fine.
I pointed both ssl_key_file and ssl_cert_file at the same .pem containing :-
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
Best Wishes,
Chris
--
--+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+-
Christopher Wakelin, c.d.wakelin at reading.ac.uk
IT Services Centre, The University of Reading, Tel: +44 (0)118 378 8439
Whiteknights, Reading, RG6 2AF, UK Fax: +44 (0)118 975 3094
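
An added example, not part of the original message or of Dovecot: a structural check for a combined .pem like the one described above, where ssl_key_file and ssl_cert_file point at the same file. The function names and the sample file are constructed for illustration; the check counts blocks and tests file permissions only, and does not verify signatures or chain order.

```python
import os
import re
import stat
import tempfile

# One PEM block; group 1 is the label, e.g. "CERTIFICATE" or "RSA PRIVATE KEY".
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n.*?-----END \1-----", re.DOTALL)

def pem_layout(text):
    """Return the labels of the PEM blocks in file order."""
    return [m.group(1) for m in PEM_BLOCK.finditer(text)]

def check_combined_pem(path):
    """Structural checks only: no signature or issuer/subject verification."""
    with open(path, encoding="ascii", errors="replace") as fh:
        text = fh.read()
    labels = pem_layout(text)
    certs = labels.count("CERTIFICATE")
    keys = sum(1 for label in labels if label.endswith("PRIVATE KEY"))
    problems = []
    if text.count("-----BEGIN ") != len(labels):
        problems.append("unterminated or mismatched PEM block")
    if keys != 1:
        problems.append("expected exactly one private key, found %d" % keys)
    if certs < 2:
        problems.append("no chain certificates after the server certificate")
    # The key shares the file with the public chain: treat it as a key file.
    if keys and os.stat(path).st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append("private key readable by group or others")
    return problems

def demo():
    """Check a constructed file laid out as in the message (placeholder bodies)."""
    blocks = ["CERTIFICATE", "RSA PRIVATE KEY"] + ["CERTIFICATE"] * 3
    body = "".join("-----BEGIN %s-----\nCONSTRUCTED\n-----END %s-----\n"
                   % (b, b) for b in blocks)
    fd, path = tempfile.mkstemp(suffix=".pem")
    with os.fdopen(fd, "w") as fh:
        fh.write(body)
    try:
        os.chmod(path, 0o644)
        loose = check_combined_pem(path)
        os.chmod(path, 0o600)
        tight = check_combined_pem(path)
    finally:
        os.remove(path)
    return loose, tight
```
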