I'm really racking my brain trying to figure this one out here. I am running a pop3 server for remote offices on CentOS 5.2. We purchased a SSL cert from Verisign and installed it on our dovecot server, but I continue to get failure problems with the cert and I don't know where to go from here.
here is some info about our config:
dovecot version:
# dovecot --version
1.0.7
hostname: pop.x10.com
dovecot.conf: # dovecot -n # 1.0.7: /etc/dovecot.conf base_dir: /var/run/dovecot/ log_path: /var/log/dovecot.log protocols: pop3 pop3s ssl_ca_file: /etc/pki/verisign/intermediate_ca.cer ssl_cert_file: /etc/pki/dovecot/certs/pop.x10.com.cer ssl_key_file: /etc/pki/dovecot/private/pop.x10.com.key ssl_cipher_list: HIGH:MEDIUM:+TLSv1:!SSLv2:+SSLv3 verbose_ssl: yes login_dir: /var/run/dovecot//login login_executable: /usr/libexec/dovecot/pop3-login mail_executable: /usr/libexec/dovecot/pop3 mail_plugin_dir: /usr/lib/dovecot/pop3 pop3_client_workarounds: outlook-no-nuls auth default: passdb: driver: pam userdb: driver: passwd
and last but not least, here is my test from openssl. Mind you this fails as a "BAD" ssl cert in Evolution.
:~$ openssl s_client -ssl2 -connect pop.x10.com:995 CONNECTED(00000003) depth=0 /C=US/ST=Washington/L=Renton/O=X10 Wireless Technology, Inc./OU=Information Technology/OU=Terms of use at www.verisign.com/rpa (c)05/CN=pop.x10.com verify error:num=20:unable to get local issuer certificate verify return:1 depth=0 /C=US/ST=Washington/L=Renton/O=X10 Wireless Technology, Inc./OU=Information Technology/OU=Terms of use at www.verisign.com/rpa (c)05/CN=pop.x10.com verify error:num=27:certificate not trusted verify return:1 depth=0 /C=US/ST=Washington/L=Renton/O=X10 Wireless Technology, Inc./OU=Information Technology/OU=Terms of use at www.verisign.com/rpa (c)05/CN=pop.x10.com verify error:num=21:unable to verify the first certificate verify return:1 21568:error:1406D0B8:SSL routines:GET_SERVER_HELLO:no cipher list:s2_clnt.c:450:
As you can see, the certificate clearly fails. I don't know how to make this work at this point. Any thoughts or advice would be greatly appreciated.
-G