[Dovecot] using signed certificates for TLS/SSL

Steffen Kaiser skdovecot at smail.inf.fh-brs.de
Thu Feb 18 16:07:19 EET 2010


On Thu, 18 Feb 2010, Arne K. Haaje wrote:

> I'm using the same certificate for dovecot and https. My settings in
> dovecot.conf are;
>
> ssl_cert_file = /etc/ssl/certs/hostname.pem
> ssl_key_file = /etc/ssl/private/hostname.key
>
> This part from the user guide is very important if you received a "bundle /
> chain" of CA certificates from Verisign;
>
> Chained SSL certificates
>
> Put all the certificates in the ssl_cert_file file. For example when using a
> certificate signed by TDC the correct order is:
>
>   1. Dovecot's public certificate
>   2. TDC SSL Server CA
>   3. TDC Internet Root CA
>   4. Globalsign Partners CA

Do I assume that the Verisign CA's root cert is part of Thunderbird by 
default? Otherwise you would need to add the root cert manually.

Also, I have explicitly set the CA file in Dovecot:
ssl_ca_file =

Regards,

-- 
Steffen Kaiser
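
The ordering rule quoted above from the user guide (server certificate first, then each CA in turn) can be checked mechanically before the bundle goes into ssl_cert_file. The script below is an added example, not part of the original message or of Dovecot: the function names, the constructed throwaway certificates and the hostname mail.example.org are assumptions, and it compares subject and issuer names only, it does not verify signatures.

```shell
#!/bin/sh
# Added example: check that a PEM bundle is ordered leaf first, then each issuer.
# Compares subject/issuer names only; it does not validate signatures.

check_chain_order() {   # usage: check_chain_order BUNDLE.pem
    tmp=$(mktemp -d) || return 2
    # Split the bundle into one numbered file per certificate.
    awk -v d="$tmp" '/-----BEGIN CERTIFICATE-----/ { n++; f = sprintf("%s/%03d.pem", d, n) }
                     n { print > f }' "$1"
    rc=0; i=0; prev_issuer=
    for f in "$tmp"/*.pem; do
        [ -e "$f" ] || { echo "no certificates found in $1"; rc=2; break; }
        i=$((i + 1))
        subj=$(openssl x509 -in "$f" -noout -subject -nameopt RFC2253 | sed 's/^subject= *//')
        iss=$(openssl x509 -in "$f" -noout -issuer -nameopt RFC2253 | sed 's/^issuer= *//')
        if [ "$i" -gt 1 ] && [ "$subj" != "$prev_issuer" ]; then
            echo "position $i: '$subj' is not the issuer of the previous certificate ('$prev_issuer')"
            rc=1
        fi
        prev_issuer=$iss
    done
    rm -rf "$tmp"
    return "$rc"
}

# mk_cert DIR NAME CN [CA_NAME]: constructed throwaway cert, self-signed if CA_NAME is omitted
mk_cert() {
    openssl req -new -newkey rsa:2048 -nodes -keyout "$1/$2.key" -out "$1/$2.csr" -subj "/CN=$3" 2>/dev/null
    if [ -n "$4" ]; then
        openssl x509 -req -in "$1/$2.csr" -CA "$1/$4.pem" -CAkey "$1/$4.key" -CAcreateserial -out "$1/$2.pem" -days 1 2>/dev/null
    else
        openssl x509 -req -in "$1/$2.csr" -signkey "$1/$2.key" -out "$1/$2.pem" -days 1 2>/dev/null
    fi
}

make_demo_chain() {   # writes good.pem (correct order) and bad.pem (CAs swapped) into DIR
    mk_cert "$1" root "Constructed Root CA"
    mk_cert "$1" int  "Constructed Intermediate CA" root
    mk_cert "$1" leaf "mail.example.org" int
    cat "$1/leaf.pem" "$1/int.pem" "$1/root.pem" > "$1/good.pem"
    cat "$1/leaf.pem" "$1/root.pem" "$1/int.pem" > "$1/bad.pem"
}

demo=$(mktemp -d)
make_demo_chain "$demo"
check_chain_order "$demo/good.pem" && echo "good.pem: order OK"
check_chain_order "$demo/bad.pem"  || echo "bad.pem: wrong order"
rm -rf "$demo"
```

Run it against the real bundle with `check_chain_order /etc/ssl/certs/hostname.pem`; a non-zero exit status means a certificate is out of place or the file holds no certificates.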