[Dovecot] How to configure ssl cert chain in dovecot 10-ssl.conf file

Gedalya gedalya at gedalya.net
Sat May 18 12:48:27 EEST 2013


On 05/18/2013 05:06 AM, Bu Xiaobing wrote:
> I even cat mail.mymailserver.com.crt sub.class1.server.ca.pem certs/dovecot/ca.pem into one single file, and define ssl_cert = < /path/to/the/singcertfile.pem, but it doesn't work either.
That should be the correct way, but I think there shouldn't be a space
after the < character.
What exactly is the error you are getting?

You can troubleshoot with openssl s_client, this is from my server:

$ openssl s_client -connect 192.168.xxx.xxx:143 -starttls imap -CApath /etc/ssl/certs
CONNECTED(00000003)
depth=2 C = IL, O = StartCom Ltd., OU = Secure Digital Certificate Signing, CN = StartCom Certification Authority
verify return:1
depth=1 C = IL, O = StartCom Ltd., OU = Secure Digital Certificate Signing, CN = StartCom Class 1 Primary Intermediate Server CA
verify return:1
depth=0 description = 7t3YlXVfb6bVQ2pp, C = US, CN = mail.gedalya.net, emailAddress = ______ at gedalya.net
verify return:1
---
Certificate chain
 0 s:/description=7t3YlXVfb6bVQ2pp/C=US/CN=mail.gedalya.net/emailAddress=postmaster at gedalya.net
   i:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Class 1 Primary Intermediate Server CA
 1 s:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Class 1 Primary Intermediate Server CA
   i:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Certification Authority
 2 s:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Certification Authority
   i:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Certification Authority
---
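
Added example, not part of the original post: a small Python check that reads the "Certificate chain" block of openssl s_client output, as shown above, and reports whether each certificate's issuer matches the next certificate's subject. The sample outputs and the example.test / Example CA names are constructed for illustration.

```python
import re
import sys

ENTRY = re.compile(r"^\s*(\d+)\s+s:(.*)$")   # " 0 s:<subject>"
ISSUER = re.compile(r"^\s*i:(.*)$")          # "   i:<issuer>"

def parse_chain(text):
    """Return [(index, subject, issuer)] from s_client's 'Certificate chain' block."""
    chain, in_block = [], False
    for line in text.splitlines():
        if line.startswith("Certificate chain"):
            in_block = True
        elif in_block and line.startswith("---"):
            break
        elif in_block and (m := ENTRY.match(line)):
            chain.append([int(m.group(1)), m.group(2).strip(), ""])
        elif in_block and chain and (m := ISSUER.match(line)):
            chain[-1][2] = m.group(1).strip()
    return [tuple(c) for c in chain]

def check_chain(chain):
    """Return a list of problems; an empty list means every link matches."""
    if not chain:
        return ["no certificate chain found in input"]
    problems = []
    for (idx, _, issuer), (nxt, subject, _) in zip(chain, chain[1:]):
        if issuer != subject:
            problems.append(f"cert {idx} issuer does not match cert {nxt} subject")
    _, subject, issuer = chain[0]
    if len(chain) == 1 and subject != issuer:
        problems.append("only the leaf was sent; intermediate CA missing")
    return problems

# Constructed sample output (hypothetical names), in the s_client format.
LEAF = "/CN=mail.example.test"
INTER = "/O=Example CA/CN=Example Intermediate CA"
ROOT = "/O=Example CA/CN=Example Root CA"

def render(pairs):
    body = "\n".join(f" {n} s:{s}\n   i:{i}" for n, (s, i) in enumerate(pairs))
    return f"CONNECTED(00000003)\n---\nCertificate chain\n{body}\n---\n"

GOOD = render([(LEAF, INTER), (INTER, ROOT), (ROOT, ROOT)])
LEAF_ONLY = render([(LEAF, INTER)])
WRONG_ORDER = render([(LEAF, INTER), (ROOT, ROOT), (INTER, ROOT)])

if __name__ == "__main__":
    # Pass a file holding saved s_client output, or run with no argument for the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else GOOD
    print("\n".join(check_chain(parse_chain(text)) or ["chain links up"]))
```

This compares subject and issuer names only; the "verify return" lines in the s_client output are what reflect actual signature validation against the CA path.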


