[Dovecot] chained ssl cert not working

harryp at dmsnev.com harryp at dmsnev.com
Fri Jan 27 19:14:58 EET 2006 

Hey Chris and Tim thanks a bunch. I would like you to know that I am not a
total moron : ) . I have used certs in appache, IIS and postfix in the
past not to mention dovecot also. I just cant get dovecot to work with a
chained certs. I have been given excelent examples by both of you guys and
am going to give it another shot this weekend.

Thanks again.

> Timo Sirainen wrote:
>> Well, I'm not sure how to say it much clearer. And I haven't tried it
>> myself either, but it should be done in Dovecot the same way as it's
>> done with every other server using OpenSSL. You could try to look up the
>> same instructions for eg. Apache, Postfix, or whatever server.
>>
>> But as far as I know, it should work just by putting all the
>> certificates in the chain into a single file, and pointing Dovecot to
>> read that file as the certificate. So the cert file would be something
>> like:
>>
>> -----BEGIN CERTIFICATE-----
>> first cert
>> -----END CERTIFICATE-----
>> -----BEGIN CERTIFICATE-----
>> second cert
>> -----END CERTIFICATE-----
>>
>> Hmm. I agree that the example names in the Wiki page can be a bit
>> difficult to understand, unless you know what they mean. I'd guess it
>> means there that Globalsign partners has signed TDC's CA certificate,
>> which has signed TDC SSL Server CA's certificate, which has signed Local
>> server public certificate.
>>
>
> Well, I've just tried the chained certificate we were given by
> GlobalSign for another server, and it seems fine.
>
> I pointed both ssl_key_file and ssl_cert_file at the same .pem containing
> :-
>
> -----BEGIN CERTIFICATE-----
> -----END CERTIFICATE-----
> -----BEGIN RSA PRIVATE KEY-----
> -----END RSA PRIVATE KEY-----
> -----BEGIN CERTIFICATE-----
> -----END CERTIFICATE-----
> -----BEGIN CERTIFICATE-----
> -----END CERTIFICATE-----
> -----BEGIN CERTIFICATE-----
> -----END CERTIFICATE-----
>
> Best Wishes,
> Chris
>
>
>
> --
> --+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+-
> Christopher Wakelin,                           c.d.wakelin at reading.ac.uk
> IT Services Centre, The University of Reading,  Tel: +44 (0)118 378 8439
> Whiteknights, Reading, RG6 2AF, UK              Fax: +44 (0)118 975 3094
>

More information about the dovecot mailing list