[Dovecot] SSL cert problems.

Sahil Tandon sahil at tandon.net
Thu Dec 25 19:00:58 EET 2008

Geoff Sweet wrote:

[Please do not top-post]

> Oh, ok once I added the -CAfile change the cert verifies without issue.

That's because you installed the intermediate cert on your client; this
should not be required.

> openssl s_client -ssl3 -CAfile ~/intca.cer -connect pop.x10.com:995 -quiet
> depth=2 /C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
> verify return:1
> depth=1 /C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa (c)05/CN=VeriSign Class 3 Secure Server CA
> verify return:1
> depth=0 /C=US/ST=Washington/L=Renton/O=X10 Wireless Technology, Inc./OU=Information Technology/OU=Terms of use at www.verisign.com/rpa (c)05/CN=pop.x10.com
> verify return:1
> +OK Dovecot ready.
>
> So does that mean I need to install the intermediate cert on all my
> clients that will be accessing this server?  That's going to be a bit of
> a PITA...

No, you need to properly install and configure dovecot to see the
intermediate cert on your server.  See:

The article is quite dated, but might be helpful to you.
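
The difference between installing the intermediate on each client and having the server send it, as an added example that is not part of the original post. It builds a constructed root, intermediate and server certificate (all names and keys are made up) and checks each case with `openssl verify`, where `-untrusted` stands in for the certificates a server presents in the handshake.

```bash
#!/bin/sh
# Constructed demo: throwaway CA names and keys, generated locally with openssl.

# new_csr PREFIX CN: fresh RSA key and signing request.
new_csr() {
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$1.key" -out "$1.csr" 2>/dev/null
}

# make_chain DIR: root CA -> intermediate CA -> server cert, plus the
# server-side chain file (server cert first, then the intermediate).
make_chain() {
  d=$1
  echo 'basicConstraints=critical,CA:TRUE' > "$d/ca.ext"
  new_csr "$d/root" "Demo Root CA"
  new_csr "$d/int" "Demo Intermediate CA"
  new_csr "$d/leaf" "pop.example.test"
  openssl x509 -req -in "$d/root.csr" -signkey "$d/root.key" -days 2 \
    -extfile "$d/ca.ext" -out "$d/root.pem" 2>/dev/null
  openssl x509 -req -in "$d/int.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
    -set_serial 2 -days 2 -extfile "$d/ca.ext" -out "$d/int.pem" 2>/dev/null
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/int.pem" -CAkey "$d/int.key" \
    -set_serial 3 -days 2 -out "$d/leaf.pem" 2>/dev/null
  cat "$d/leaf.pem" "$d/int.pem" > "$d/chain.pem"
}

# client_accepts TRUSTED LEAF [SENT]: does a client whose trust store is
# TRUSTED accept LEAF, given the extra certificates SENT by the server (if any)?
client_accepts() {
  openssl verify -CAfile "$1" ${3:+-untrusted "$3"} "$2" 2>&1 | grep -q ': OK$'
}

report() { if client_accepts "$@"; then echo accepted; else echo rejected; fi; }

demo=$(mktemp -d) && make_chain "$demo"
# Client-side workaround from the thread: intermediate added to the client's CA file.
cat "$demo/root.pem" "$demo/int.pem" > "$demo/client.pem"
echo "server sends leaf only:           $(report "$demo/root.pem" "$demo/leaf.pem")"
echo "intermediate installed on client: $(report "$demo/client.pem" "$demo/leaf.pem")"
echo "server sends leaf + intermediate: $(report "$demo/root.pem" "$demo/leaf.pem" "$demo/chain.pem")"
rm -rf "$demo"
```

The `chain.pem` layout, server certificate first and the intermediate after it, is what goes in the file named by Dovecot's certificate setting (`ssl_cert_file` in 1.x, `ssl_cert` in 2.x).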

