Hello,
I've a not really dovecot specific problem with my certificate. Since the OpenSSL documentation isn't what I expect to be at least good, I hope someone here can give me a hint how/where to fix it; I've created a root-Certificate with almost untouched openssl.cnf and issued a server-certificate for dovecot. This cert and its key I placed in somewhat like /var/dovecot. To state explicitly, away from its superior root-cert.
So, a:
openssl s_client -connect server.tektoform.lan:993 -showcerts
ends up in:
unable to get local issuer certificate.
Although connections from clients are working, I prefer to set it up cleanly. Does openssl-clientlib look up openssl.cnf, where the place of root-CA-cert is denoted, or do I have to put all certs together in a single directory, or, or, or ...?
Or to be more verbose for "openssl s_client":
CONNECTED(00000003)
depth=0 /C=DE/ST=Hamburg/L=Hamburg/O=d-dt/OU=lan/CN=server.tektoform.lan/emailAddress=hostmaster@tektoform.lan
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 /C=DE/ST=Hamburg/L=Hamburg/O=d-dt/OU=lan/CN=server.tektoform.lan/emailAddress=hostmaster@tektoform.lan
verify error:num=27:certificate not trusted
verify return:1
depth=0 /C=DE/ST=Hamburg/L=Hamburg/O=d-dt/OU=lan/CN=server.tektoform.lan/emailAddress=hostmaster@tektoform.lan
verify error:num=21:unable to verify the first certificate
verify return:1
Thanks for your comments.
A
--
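
The failure described in this message, reproduced offline as an added example that is not part of the original post: a throwaway root CA signs a certificate for server.tektoform.lan, and `openssl verify` reports error 20 until it is pointed at the root with -CAfile or a hashed -CApath directory. The file names, the CA subject and the function names are constructed for illustration; `openssl s_client` accepts the same -CAfile and -CApath options.

```shell
#!/bin/sh
# Added example: constructed test PKI, not the poster's real certificates.

build_pki() {   # $1: writable working directory for the throwaway PKI
    d=$1
    cat > "$d/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Constructed Test Root CA
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
    # Self-signed root; the v3_ca section marks it as a CA.
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -config "$d/ca.cnf" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null || return 1
    # Server key and CSR, then the root signs the CSR.
    openssl req -new -newkey rsa:2048 -nodes -config "$d/ca.cnf" \
        -subj "/CN=server.tektoform.lan" \
        -keyout "$d/srv.key" -out "$d/srv.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$d/srv.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 2 -out "$d/srv.pem" 2>/dev/null || return 1
    # -CApath only finds certificates stored as <subject-hash>.0
    mkdir -p "$d/certs"
    cp "$d/ca.pem" "$d/certs/$(openssl x509 -in "$d/ca.pem" -noout -hash).0"
}

# No trust anchor supplied: the issuer cannot be found (error 20).
verify_default() { openssl verify "$1/srv.pem" 2>&1; }
# Root supplied as a single PEM file.
verify_cafile()  { openssl verify -CAfile "$1/ca.pem" "$1/srv.pem" 2>&1; }
# Root supplied through a hashed certificate directory.
verify_capath()  { openssl verify -CApath "$1/certs" "$1/srv.pem" 2>&1; }

work=$(mktemp -d) || exit 1
build_pki "$work" || exit 1
verify_default "$work" || true
verify_cafile "$work"
verify_capath "$work"
rm -rf "$work"
```
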