Le 17/09/2013 à 16:32, Dan Langille a écrit :
$ openssl s_client -connect imaps.unixathome.org:993 -quiet depth=0 /description=P4s7A2l6clvQRRJ4/C=US/CN=imaps.unixathome.org/emailAddress=postmaster@unixathome.org
verify error:num=20:unable to get local issuer certificate verify return:1 depth=0 /description=P4s7A2l6clvQRRJ4/C=US/CN=imaps.unixathome.org/emailAddress=postmaster@unixathome.org
verify error:num=27:certificate not trusted verify return:1 depth=0 /description=P4s7A2l6clvQRRJ4/C=US/CN=imaps.unixathome.org/emailAddress=postmaster@unixathome.org
verify error:num=21:unable to verify the first certificate verify return:1
- OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE AUTH=PLAIN] Dovecot ready.
Somewhere, somehow, there is something vastly different and not working.
Hi,
Something is definitely wrong with your certificate chain. The first certificate listed in your chain (depth 2) should be StartCom's root CA, bearing "CN = StartCom Certification Authority", the 2nd one (depth 1) should be the intermediate cert, bearing "CN = StartCom Class 1 Primary Intermediate Server CA" and the last one (depth 0) should be yours.
You told in an earlier message that you had put the 3 certs (yours, then the intermediate, and then the root) in your crt file. Is it still the case ? If not, you really *must* do it, even if you find it makes no difference. Maybe there's another problem somewhere else, but this chain is a prerequisite for many clients to work.
Regards,
Bruno
--
- Service Hydrographique et Oceanographique de la Marine - DMGS/INF
- 13, rue du Chatellier - CS 92803 - 29228 Brest Cedex 2, FRANCE
Phone: +33 2 98 22 17 49 - Email: Bruno.Treguier@shom.fr