[Dovecot] SSL Certificate Chain Support
Greetings.
I was wondering if there were any plans to add support for an SSL certificate chain file?
This is useful to provide a valid certificate chain for lower cost signing authorities.
I'm afraid that I'm not 100% positive of the implementation requirements. Although it does seem that OpenSSL supports this concept. I am aware that Apache HTTPD (via mod_ssl) and Courier-IMAP offer support for this feature.
Here's a link to information from the Apache HTTPD manual:
http://httpd.apache.org/docs-2.0/mod/mod_ssl.html#sslcertificatechainfile
Thank you for the continued development of a great project.
Matt
Matthew P. Cox wrote:
I was wondering if there were any plans to add support for an SSL certificate chain file?
I works right out of the box, at least with 1.0-tests.
Just put all chained certificates in ssl_cert_file, starting with local server public certificate and ending with root certificate of Verisign, Thawte, Globalsign or whatever CA.
-- Tomi Hakala
participants (2)
-
Matthew P. Cox
-
Tomi Hakala