On Tue, 2005-09-20 at 13:24 -0400, John Peacock wrote:
blaq b0x wrote:
I'm trying to get apache, sendmail, and dovecot to use SSL certs signed by my own CA. I've got the apache certs working fine.
Did you remember to tell Dovecot what CA was used to sign the cert? You should have already extracted the trusted root public key for Apache's usage, so you should change this line:
# File containing trusted SSL certificate authorities. Usually not needed.
#ssl_ca_file =
to point to the CA's trusted root file. SSL certs must have the entire chain available in order to be trusted.
Actually that's needed. Client cares about the CA, server doesn't. The above setting is used only when checking if client presented a valid certificate under the CAs given in that file, and use that in authentication checks. Most clients don't support this at all.
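
The two verification directions discussed in this thread, as an added example that is not part of the original messages: a client checking the server's certificate against the CA, and a server checking a client's certificate against a CA file (the role the reply above gives to ssl_ca_file). It uses the openssl command line with a throwaway CA; the names "Demo CA", mail.example.test and alice and all paths are constructed for the demo.

```shell
set -eu

# make_ca DIR: self-signed throwaway CA -> DIR/ca.key, DIR/ca.pem
make_ca() {
    mkdir -p "$1"
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo CA" \
        -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null
}

# issue_cert DIR CN: key and certificate for CN, signed by the CA in DIR
issue_cert() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
    openssl x509 -req -in "$1/$2.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
        -CAcreateserial -days 1 -out "$1/$2.pem" 2>/dev/null
}

# chains_to CAFILE CERT: true only if CERT verifies against the CAs in CAFILE
chains_to() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

work=$(mktemp -d)
make_ca "$work/mine"     # the private CA from the thread (constructed here)
make_ca "$work/other"    # an unrelated CA, standing in for "CA not installed"
issue_cert "$work/mine" mail.example.test   # certificate the mail server presents
issue_cert "$work/mine" alice               # certificate a client might present

# Client side: the server certificate is accepted only if the client trusts the CA.
chains_to "$work/mine/ca.pem" "$work/mine/mail.example.test.pem" \
    && echo "client with my CA: server certificate accepted"
chains_to "$work/other/ca.pem" "$work/mine/mail.example.test.pem" \
    || echo "client without my CA: server certificate rejected"

# Server side: a CA file matters only when the server checks client certificates.
chains_to "$work/mine/ca.pem" "$work/mine/alice.pem" \
    && echo "server with CA file: client certificate accepted"

rm -rf "$work"
```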