[Dovecot] Dovecot SSL-Certificate
Adam Pordzik
adresseverbummelt at gmx.de
Mon Feb 21 02:04:02 EET 2005
Hello,
I've a not really dovecot specific problem with my certificate. Since
the OpenSSL documentation isn't what I expect to be at least good, I
hope someone here can give me a hint how/where fo fix it; I've created a
root-Certificate with almost untouched openssl.cnf and issued a
server-certificate for dovecot. This cert and it's key I placed in
somewhat like /var/dovecot. To state explicitly, away from it's superior
root-cert.
So, a:
openssl s_client -connect server.tektoform.lan:993 -showcerts
ends up in:
unable to get local issuer certificate.
Althougt connections from clients are working, I prefer to set it up
cleanly. Does openssl-clientlib looks up for openssl.cnf, where the
place of root-CA-cert is denoted, or do I have to put all cert together
in a single directory, or, or, or ...?
Or to be more verbose for "openssl s_client":
CONNECTED(00000003)
depth=0
/C=DE/ST=Hamburg/L=Hamburg/O=d-dt/OU=lan/CN=server.tektoform.lan/emailAddress=hostmaster at tektoform.lan
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0
/C=DE/ST=Hamburg/L=Hamburg/O=d-dt/OU=lan/CN=server.tektoform.lan/emailAddress=hostmaster at tektoform.lan
verify error:num=27:certificate not trusted
verify return:1
depth=0
/C=DE/ST=Hamburg/L=Hamburg/O=d-dt/OU=lan/CN=server.tektoform.lan/emailAddress=hostmaster at tektoform.lan
verify error:num=21:unable to verify the first certificate
verify return:1
---
Thanks for your comments.
A
--
More information about the dovecot
mailing list