Hey Chris and Tim, thanks a bunch. I would like you to know that I am not a total moron :). I have used certs in Apache, IIS and Postfix in the past, not to mention Dovecot also. I just can't get Dovecot to work with chained certs. I have been given excellent examples by both of you guys and am going to give it another shot this weekend.
Thanks again.
Timo Sirainen wrote:
Well, I'm not sure how to say it much clearer. And I haven't tried it myself either, but it should be done in Dovecot the same way as it's done with every other server using OpenSSL. You could try to look up the same instructions for eg. Apache, Postfix, or whatever server.
But as far as I know, it should work just by putting all the certificates in the chain into a single file, and pointing Dovecot to read that file as the certificate. So the cert file would be something like:
-----BEGIN CERTIFICATE-----
first cert
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
second cert
-----END CERTIFICATE-----
Hmm. I agree that the example names in the Wiki page can be a bit difficult to understand, unless you know what they mean. I'd guess it means there that Globalsign partners has signed TDC's CA certificate, which has signed TDC SSL Server CA's certificate, which has signed Local server public certificate.
Well, I've just tried the chained certificate we were given by GlobalSign for another server, and it seems fine.
I pointed both ssl_key_file and ssl_cert_file at the same .pem containing :-
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
Best Wishes,
Chris
--
--+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+-
Christopher Wakelin, c.d.wakelin@reading.ac.uk
IT Services Centre, The University of Reading, Tel: +44 (0)118 378 8439
Whiteknights, Reading, RG6 2AF, UK Fax: +44 (0)118 975 3094
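An added example, not part of the original thread: a Python check of the layout of a combined PEM file like the one described above, run before pointing ssl_cert_file and ssl_key_file at it. The function names are hypothetical and the sample blocks are constructed placeholders, not real certificates or keys; it checks only marker pairing, base64 bodies and block counts, not signatures or chain order.

```python
import base64
import re

# One PEM block: BEGIN marker alone on its line, END label equal to BEGIN label.
PEM_BLOCK = re.compile(
    r"^-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----",
    re.DOTALL | re.MULTILINE,
)

def block(label, payload):
    """Build a constructed PEM block (placeholder bytes, not a real cert or key)."""
    body = base64.b64encode(payload).decode()
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"

def pem_layout(text):
    """Return block labels in file order; raise ValueError on damaged PEM."""
    labels = []
    for match in PEM_BLOCK.finditer(text):
        label, body = match.groups()
        try:
            base64.b64decode("".join(body.split()), validate=True)
        except ValueError as exc:  # binascii.Error is a ValueError
            raise ValueError(f"{label}: body is not valid base64") from exc
        labels.append(label)
    if text.count("-----BEGIN ") != len(labels) or text.count("-----END ") != len(labels):
        raise ValueError("unpaired or malformed BEGIN/END marker")
    return labels

def check_bundle(text):
    """List layout problems in a combined cert/key file; empty list means OK."""
    try:
        labels = pem_layout(text)
    except ValueError as exc:
        return [str(exc)]
    problems = []
    certs = labels.count("CERTIFICATE")
    keys = sum(1 for label in labels if label.endswith("PRIVATE KEY"))
    if certs == 0:
        problems.append("no CERTIFICATE block")
    elif certs == 1:
        problems.append("only one certificate: no chain certificates included")
    if keys > 1:
        problems.append("more than one private key")
    return problems

# Constructed sample in the layout Chris describes: cert, key, then three more certs.
CHRIS_LAYOUT = block("CERTIFICATE", b"constructed server cert") \
    + block("RSA PRIVATE KEY", b"constructed key") \
    + "".join(block("CERTIFICATE", b"constructed chain cert %d" % i) for i in range(3))
# The same file with line breaks lost, as happens when a PEM is pasted on one line.
FLATTENED = CHRIS_LAYOUT.replace("\n", " ")
```

Because a combined file like this holds the private key alongside the certificates, it should be readable only by the account the server starts as.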