You forgot to cc the list.

ssl_ca is used only for validating client certificates.

---
Aki Tuomi
Dovecot oy

-------- Original message --------
From: Marc Perkel <marc@perkel.com>
Date: 21/05/2018 18:25 (GMT+02:00)
To: Aki Tuomi <aki.tuomi@dovecot.fi>
Subject: Re: SSL error after upgrading to 2.31



On 05/21/2018 07:54 AM, Aki Tuomi wrote:
Does ssl_cert file contain intermediates?




No - but the ssl_ca does.

---
Aki Tuomi
Dovecot oy

-------- Original message --------
From: Marc Perkel <marc@perkel.com>
Date: 21/05/2018 16:32 (GMT+02:00)
To: dovecot@dovecot.org
Subject: SSL error after upgrading to 2.31

After upgrading to 2.31 I'm getting this error. Not sure what I'm doing wrong.

No (No signatures could be verified because the chain contains only one certificate and it is not self signed.)


ssl = yes

ssl_cert = </etc/exim/certs/ctyme.com.crt
ssl_key = </etc/exim/certs/ctyme.com.key
ssl_ca = </etc/exim/certs/ca.crt


local mail.ctyme.com {
  protocol imap {
    ssl_cert = </etc/exim/certs/ctyme.com.crt
    ssl_key = </etc/exim/certs/ctyme.com.key
    ssl_ca = </etc/exim/certs/ca.crt
  }

  protocol pop3 {
    ssl_cert = </etc/exim/certs/ctyme.com.crt
    ssl_key = </etc/exim/certs/ctyme.com.key
    ssl_ca = </etc/exim/certs/ca.crt
  }
}

local mail.junkemailfilter.com {
  protocol imap {
    ssl_cert = </etc/exim/certs/junkemailfilter.com.crt
    ssl_key = </etc/exim/certs/junkemailfilter.com.key
    ssl_ca = </etc/exim/certs/ca.crt
  }

  protocol pop3 {
    ssl_cert = </etc/exim/certs/junkemailfilter.com.crt
    ssl_key = </etc/exim/certs/junkemailfilter.com.key
    ssl_ca = </etc/exim/certs/ca.crt
  }
}