[Dovecot] How to configure ssl cert chain in dovecot 10-ssl.conf file
Gedalya
gedalya at gedalya.net
Tue May 21 04:41:03 EEST 2013
Interesting. Technically, every line of text should end with a newline.
Your files had the last line of text unterminated - that's the kind of
thing Windows text editors do.
On 05/20/2013 09:39 PM, Bu Xiaobing wrote:
> Gedalya,
>
> Thanks for your reply, it works now, and finally I find it was the format problem, there should been a return between there cert files when cat into one single file.
>
> On 2013-5-18 17:48, Gedalya wrote:
>> On 05/18/2013 05:06 AM, Bu Xiaobing wrote:
>>> I even cat mail.mymailserver.com.crt sub.class1.server.ca.pem certs/dovecot/ca.pem into one singe file, and define ssl_cert = < /path/to/the/singcertfile.pem, but it doesn't work too.
>> That should be the correct way, but I think there shouldn't be a space
>> after the < character.
>> What exactly is the error you are getting?
>>
>> You can troubleshoot with openssl s_client, this is from my server:
>>
>> $ openssl s_client -connect 192.168.xxx.xxx:143 -starttls imap -CApath
>> /etc/ssl/certs
>> CONNECTED(00000003)
>> depth=2 C = IL, O = StartCom Ltd., OU = Secure Digital Certificate
>> Signing, CN = StartCom Certification Authority
>> verify return:1
>> depth=1 C = IL, O = StartCom Ltd., OU = Secure Digital Certificate
>> Signing, CN = StartCom Class 1 Primary Intermediate Server CA
>> verify return:1
>> depth=0 description = 7t3YlXVfb6bVQ2pp, C = US, CN = mail.gedalya.net,
>> emailAddress = ______ at gedalya.net
>> verify return:1
>> ---
>> Certificate chain
>> 0
>> s:/description=7t3YlXVfb6bVQ2pp/C=US/CN=mail.gedalya.net/emailAddress=postmaster at gedalya.net
>> i:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate
>> Signing/CN=StartCom Class 1 Primary Intermediate Server CA
>> 1 s:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate
>> Signing/CN=StartCom Class 1 Primary Intermediate Server CA
>> i:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate
>> Signing/CN=StartCom Certification Authority
>> 2 s:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate
>> Signing/CN=StartCom Certification Authority
>> i:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate
>> Signing/CN=StartCom Certification Authority
>> ---
>>
More information about the dovecot
mailing list