[Dovecot] SSL with startssl.com certificates
Dan Langille
dan at langille.org
Fri Sep 13 19:51:32 EEST 2013
On 2013-09-13 10:18, Dan Langille wrote:
> On 2013-09-13 09:18, Oscar del Rio wrote:
> On 09/13/13 07:59 AM, Dan Langille wrote:
> I'm using Dovecot 2.2.5. I'm setting up and new IMAPS server for
> personal use (i.e. only me).
>
> I have success with self-signed certificates but not with others (e.g.
> StartSSL.com)
>
> /usr/local/etc/ssl/imaps.unixathome.org.crt contains only the cert
> issued by StartSSL
>
>
> Maybe you are missing some of the certificate chain.
> http://wiki2.dovecot.org/SSL/DovecotConfiguration
> "Chained SSL certificates"
>
> I tried that yesterday and it seemed to make no difference.
> My attempts were based on
> http://openssl.6102.n7.nabble.com/check-certificate-chain-in-a-pem-file-td43871.html
>
> Perhaps I am doing the chain incorrectly. I just tried again. The
> server is now set up with the following:
>
> I have three certs in this chain file:
>
> cat imaps.unixathome.org.pem sub.class1.server.ca.pem ca.pem >
> testing.chain.pem
>
> 1 - the certificate issued by startssl for my server
> 2 & 3 - the PEM files for StartSSL as found at
> http://www.startssl.com/certs/
The following test seems to indicate I have SSL configured correctly:
http://www.sslshopper.com/ssl-checker.html#hostname=imaps.unixathome.org:993
A similar test from http://www.digicert.com/help/ does not find an
issue.
Even better, this test shows the certs it finds:
http://certlogik.com/ssl-checker/
Not sure what to conclude yet.
More information about the dovecot
mailing list