Problem solved. In my case I was using the 0.99.10.x release of dovecot, which does not recognize the ssl_ca_file directive. Upgrading to 1.0-test32 was step one. The next step was finding the right format for DST's root certificate. I think the format that finally worked was the format DST distributes for Apache Raven. Thanks!

On Mon, 2004-08-02 at 19:47, Zach Bagnall wrote:

It's probably not a matter of getting dovecot to recognise the certificate, it'll be getting the MUA to recognise the signer.

When you get the warning, can you click through to the certificate details and see what it says? Is it showing the signer as DST? Get DST to confirm that their CA is recognised and trusted by Outlook Express, Thunderbird, etc.

Zach.

On Fri, 30 Jul 2004 13:59:40 -0400, Mail Admin postmaster@psy.miami.edu wrote:

...

I bought a certificate from Digital Signature Trust which is a well known certificate authority. The reason I bought my certificate, was so that email clients connecting to my imaps server wouldn't be bothered with warnings of unrecognized certificate authority as they would see with a self-signed server certificate. However, I haven't been able to configure dovecot with my Digital Signature Trust signed certificate so that the unrecognized certificate authority warning doesn't appear.