[Dovecot] Dovecot SSL-Certificate
Magnus Holmgren
holmgren at lysator.liu.se
Mon Feb 21 04:12:17 EET 2005
Adam Pordzik wrote:
> Hello,
>
> I've a not really dovecot specific problem with my certificate. Since
> the OpenSSL documentation isn't what I expect to be at least good, I
> hope someone here can give me a hint how/where fo fix it; I've created a
> root-Certificate with almost untouched openssl.cnf and issued a
> server-certificate for dovecot. This cert and it's key I placed in
> somewhat like /var/dovecot. To state explicitly, away from it's superior
> root-cert.
>
> So, a:
>
> openssl s_client -connect server.tektoform.lan:993 -showcerts
>
> ends up in:
>
> unable to get local issuer certificate.
>
> Althougt connections from clients are working, I prefer to set it up
> cleanly. Does openssl-clientlib looks up for openssl.cnf, where the
> place of root-CA-cert is denoted, or do I have to put all cert together
> in a single directory, or, or, or ...?
>
If you have clients using OpenSSL, libssl will look for root
certificates by looking for a file named <hash>.0 in the certs directory
(/etc/ssl/certs on Debian), where <hash> is the string you get if you
pass the certificate to "openssl x509 -hash" (see x509(1ssl)).
Typically, you create a symlink by that name to the more readably-named
certificate file.
I hope that helps!
--
Magnus Holmgren
Linköping, Sweden
More information about the dovecot
mailing list