Server certificate verification error with Dovecot 2.3.2.1
Joseph Tam
jtam.home at gmail.com
Thu Sep 13 09:43:23 EEST 2018
On Wed, 12 Sep 2018, Robert Gill wrote:
> I'm attempting to upgrade my Dovecot installation to 2.3.2.1. My SSL
> certificate authority provides a bundle containing their CA, plus
> intermediate CAs, which I configure using the 'ssl_ca' option. The
> comments in the configuration file say to only set this when you're
> requiring client certificates, which I'm not, but fetchmail complains
> with a "Server certificate verification error, Broken certificate chain"
> error if that setting is not set. This works fine with Dovecot 2.2.34.
Try creating your certificate by appending all your server and
intermediate certs in this order into one file
server certificate
intermediate certificate 1
intermediate certificate 2
...
where the chain works toward the root CA. You don't need the root CA as
your client ought to anchor the chain with its own CA store. Then set
the value of ssl_cert to this file.
Joseph Tam <jtam.home at gmail.com>
More information about the dovecot
mailing list