[Dovecot] Dovecot SSL-Certificate

Adam Pordzik adresseverbummelt at gmx.de
Mon Feb 21 02:04:02 EET 2005


Hello,

I've a not really dovecot specific problem with my certificate. Since 
the OpenSSL documentation isn't what I expect to be at least good, I 
hope someone here can give me a hint how/where fo fix it; I've created a 
root-Certificate with almost untouched openssl.cnf and issued a 
server-certificate for dovecot. This cert and it's key I placed in 
somewhat like /var/dovecot. To state explicitly, away from it's superior 
root-cert.

So, a:

openssl s_client -connect server.tektoform.lan:993 -showcerts

ends up in:

unable to get local issuer certificate.

Althougt connections from clients are working, I prefer to set it up 
cleanly. Does openssl-clientlib looks up for openssl.cnf, where the 
place of root-CA-cert is denoted, or do I have to put all cert together 
in a single directory, or, or, or ...?


Or to be more verbose for "openssl s_client":

CONNECTED(00000003)
depth=0 
/C=DE/ST=Hamburg/L=Hamburg/O=d-dt/OU=lan/CN=server.tektoform.lan/emailAddress=hostmaster at tektoform.lan
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 
/C=DE/ST=Hamburg/L=Hamburg/O=d-dt/OU=lan/CN=server.tektoform.lan/emailAddress=hostmaster at tektoform.lan
verify error:num=27:certificate not trusted
verify return:1
depth=0 
/C=DE/ST=Hamburg/L=Hamburg/O=d-dt/OU=lan/CN=server.tektoform.lan/emailAddress=hostmaster at tektoform.lan
verify error:num=21:unable to verify the first certificate
verify return:1
---



Thanks for your comments.


A

-- 



More information about the dovecot mailing list