[Dovecot] SSL cert problems.
Sahil Tandon
sahil at tandon.net
Thu Dec 25 19:00:58 EET 2008
Geoff Sweet wrote:
[Please do not top-post]
> Oh, ok once I added the -CAfile change the cert verifies without issue.
That's because you installed the intermediate cert on your client; this
should not be required.
> openssl s_client -ssl3 -CAfile ~/intca.cer -connect pop.x10.com:995
> -quiet
> depth=2 /C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification
> Authority
> verify return:1
> depth=1 /C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use
> at https://www.verisign.com/rpa (c)05/CN=VeriSign Class 3 Secure Server
> CA
> verify return:1
> depth=0 /C=US/ST=Washington/L=Renton/O=X10 Wireless Technology,
> Inc./OU=Information Technology/OU=Terms of use at www.verisign.com/rpa
> (c)05/CN=pop.x10.com
> verify return:1
> +OK Dovecot ready.
>
> So does that mean I need to install the intermediate cert on all my
> clients that will be accessing this server? That's going to be a bit of
> a PITA...
No, you need to properly install and configure dovecot to see the
intermediate cert on your server. See:
http://www.verisign.com/support/advisories/page_040611.html
The article is quite dated, but might be helpful to you.
--
Sahil Tandon <sahil at tandon.net>
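
The behaviour discussed in this reply can be reproduced offline. The script below is an added example, not part of the original thread: it builds a constructed root, intermediate and leaf chain (every name in it, including pop.example.test, is made up) and checks the bundle a server presents, with and without the intermediate, the way a client that trusts only the root would.

```shell
#!/bin/sh
# Constructed demo PKI (root -> intermediate -> leaf); all names are made up.
make_demo_pki() {
    d=$1
    printf '[req]\ndistinguished_name=dn\n[dn]\n[v3_ca]\nbasicConstraints=critical,CA:TRUE\n' > "$d/demo.cnf"
    # Self-signed root: the only certificate the client trusts
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -config "$d/demo.cnf" \
        -extensions v3_ca -subj "/CN=Demo Root CA" \
        -keyout "$d/root.key" -out "$d/root.pem" 2>/dev/null
    # Intermediate CA, signed by the root
    openssl req -new -newkey rsa:2048 -nodes -config "$d/demo.cnf" \
        -subj "/CN=Demo Intermediate CA" -keyout "$d/int.key" -out "$d/int.csr" 2>/dev/null
    openssl x509 -req -in "$d/int.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
        -CAcreateserial -days 2 -extfile "$d/demo.cnf" -extensions v3_ca \
        -out "$d/int.pem" 2>/dev/null
    # Server (leaf) certificate, signed by the intermediate
    openssl req -new -newkey rsa:2048 -nodes -config "$d/demo.cnf" \
        -subj "/CN=pop.example.test" -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/int.pem" -CAkey "$d/int.key" \
        -CAcreateserial -days 2 -out "$d/leaf.pem" 2>/dev/null
}

# Client-side view: $1 is the trusted root, $2 is the PEM bundle the server
# presents (its own certificate first). Everything in $2 is untrusted chain
# material; only the first certificate in it is the one being verified.
chain_ok() {
    openssl verify -CAfile "$1" -untrusted "$2" "$2" 2>&1 | grep -q ': OK$'
}

DEMO=$(mktemp -d)
trap 'rm -rf "$DEMO"' EXIT
make_demo_pki "$DEMO"
# Misconfigured server: presents only its own certificate
cp "$DEMO/leaf.pem" "$DEMO/leaf_only.pem"
# Corrected server: own certificate first, then the intermediate
cat "$DEMO/leaf.pem" "$DEMO/int.pem" > "$DEMO/fullchain.pem"

for f in leaf_only.pem fullchain.pem; do
    if chain_ok "$DEMO/root.pem" "$DEMO/$f"; then
        echo "$f: verifies with only the root trusted"
    else
        echo "$f: fails (client cannot find the issuer)"
    fi
done
```

The `fullchain.pem` layout (server certificate first, then the intermediate) is the usual form for a certificate file when the server itself must present the chain; that Dovecot takes it in this form is an assumption here, not something the thread states.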