[Dovecot] SSL with startssl.com certificates
Noel Butler
noel.butler at ausics.net
Sat Sep 14 04:55:47 EEST 2013
On Fri, 2013-09-13 at 10:18 -0400, Dan Langille wrote:
> Perhaps I am doing the chain incorrectly. I just tried again. The
> server is now set up with the following:
>
> I have three certs in this chain file:
>
> cat imaps.unixathome.org.pem sub.class1.server.ca.pem ca.pem >
> testing.chain.pem
>
> 1 - the certificate issued by startssl for my server
> 2 & 3 - the PEM files for StartSSL as found at
> http://www.startssl.com/certs/
>
That is the correct chain method, and order.
> $ openssl s_client -connect imaps.unixathome.org:993 -quiet
> depth=2 /C=IL/O=StartCom Ltd./OU=Secure Digital Certificate
> Signing/CN=StartCom Certification Authority
> verify error:num=19:self signed certificate in certificate chain
Never panic about the above, it is just indicating (rightly so) you
have a local certificate (the first) in your chain.
>ssl_cert = </usr/local/etc/ssl/imaps.unixathome.org.crt
>ssl_key = </usr/local/etc/ssl/imaps.unixathome.org.nopassword.key
Correct method, so long as the cert and key files are named correctly
and in the right location.
>ssl = required
Bit dangerous... and may be the cause of your problems, change to:
ssl = yes
We use startssl and have many Android, BlackBerry, and iPhone users
(maybe even win phone Lusers too ;) who knows) amongst desktop/laptop
types and never had any problems with them using startssl.
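The chain order discussed in the message above (server certificate, then intermediate, then root) can be checked mechanically before pointing `ssl_cert` at the bundle. This is an added example, not part of the original post: it builds a throwaway CA with constructed names (`Demo Root CA`, `imap.example.test`) instead of the StartSSL files, and the helper functions `make_demo_chain` and `chain_order_ok` are hypothetical.

```shell
#!/bin/sh
# Added example: throwaway CA hierarchy, all names constructed for the demo.
set -e

# Build root -> intermediate -> server certificates in directory $1.
make_demo_chain() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=Demo Root CA" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null
    printf 'basicConstraints=critical,CA:TRUE\n' > "$d/ca.ext"
    openssl req -newkey rsa:2048 -nodes -subj "/CN=Demo Intermediate CA" \
        -keyout "$d/sub.key" -out "$d/sub.csr" 2>/dev/null
    openssl x509 -req -in "$d/sub.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -extfile "$d/ca.ext" -days 2 -out "$d/sub.pem" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -subj "/CN=imap.example.test" \
        -keyout "$d/server.key" -out "$d/server.csr" 2>/dev/null
    openssl x509 -req -in "$d/server.csr" -CA "$d/sub.pem" -CAkey "$d/sub.key" \
        -CAcreateserial -days 2 -out "$d/server.pem" 2>/dev/null
}

# Return 0 if every certificate in bundle $1 is issued by the one after it.
# Compares issuer/subject names only; it does not verify signatures.
chain_order_ok() {
    dir=$(mktemp -d)
    # Split the bundle into 1.pem, 2.pem, ... in file order; n = cert count.
    n=$(awk -v d="$dir" '/-----BEGIN CERTIFICATE-----/ {n++}
        n {print > (d "/" n ".pem")} END {print n + 0}' "$1")
    [ "$n" -gt 0 ] || { rm -rf "$dir"; return 1; }
    i=1
    while [ "$i" -lt "$n" ]; do
        issuer=$(openssl x509 -in "$dir/$i.pem" -noout -issuer | sed 's/^issuer= *//')
        parent=$(openssl x509 -in "$dir/$((i + 1)).pem" -noout -subject | sed 's/^subject= *//')
        [ "$issuer" = "$parent" ] || { rm -rf "$dir"; return 1; }
        i=$((i + 1))
    done
    rm -rf "$dir"
}

demo=$(mktemp -d)
make_demo_chain "$demo"
# Same order as in the post: server certificate, intermediate, root.
cat "$demo/server.pem" "$demo/sub.pem" "$demo/ca.pem" > "$demo/good.chain.pem"
cat "$demo/server.pem" "$demo/ca.pem" "$demo/sub.pem" > "$demo/bad.chain.pem"
chain_order_ok "$demo/good.chain.pem" && echo "good.chain.pem: order OK"
chain_order_ok "$demo/bad.chain.pem" || echo "bad.chain.pem: out of order"
```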