[Dovecot] using signed certificates for TLS/SSL
Steffen Kaiser
skdovecot at smail.inf.fh-brs.de
Thu Feb 18 16:07:19 EET 2010
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Thu, 18 Feb 2010, Arne K. Haaje wrote:
> I'm using the same certificate for dovecot and https. My settings in
> dovecot.conf are;
>
> ssl_cert_file = /etc/ssl/certs/hostname.pem
> ssl_key_file = /etc/ssl/private/hostname.key
>
> This part from the user guide is very important if you received a "bundle /
> chain" of CA certificates from Verisign;
>
> Chained SSL certificates
>
> Put all the certificates in the ssl_cert_file file. For example when using a
> certificate signed by TDC the correct order is:
>
> 1. Dovecot's public certificate
> 2. TDC SSL Server CA
> 3. TDC Internet Root CA
> 4. Globalsign Partners CA
Do I assume that the Verisign CA's root cert is part ofThunderbird by
default? Otherwise you would need to add the root cert manually.
Also, I have explicitly set the CA file in Dovecot:
ssl_ca_file =
Regards,
- --
Steffen Kaiser
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iQEVAwUBS31Jmr+Vh58GPL/cAQJfBwf9Fg6ItLJxj09RHCY/dp9nIMiAGsDEHGsQ
kS6p7iyOZSfxGPJcovTHU85lgZqF2VUWWhgpTfVp2xAm1XoNTDYz5sdErWkckBmf
iqWYkQl8kYChl3lQLcJMrN4Fv2t6Cp+IkaKaMVa7bo5pAX0byq2DatGfWSiUvrk3
BEOEoTrFz2DAk27TnzLNWuQ1CtyHlxDDjFSOJH1g1HoCeit6f4Vyc7p1llCV6P1r
6/IOcdLByeX/m38FJiP1/rhpv8O1zEfyGJuY0oL1nSF62wosMLXzZUkYwK6IN7cm
CytCyodEloKQhu0XzFHA0EJQ2eXWLsp8sCVt0GTymQaTURazgQ9aoQ==
=7FhN
-----END PGP SIGNATURE-----
More information about the dovecot
mailing list