Mark Constable writes:

Courier 0.66.1 x86_64 and I just got a new RapidSSL certificate and
restarted the esmtpd-ssl and imapd-ssl daemons and now I can't connect
via SSL, with a client side error of...

Trusted: NO, there were errors. The certificate authority's certificate
is invalid and not trusted for this purpose... the certificate cannot be
verified for internal reasons.

Some googling indicated that the email address in the cert must be
available for local authentication so I added it. The pems are not
world readable and comprise a concatenated *.key and *.crt provided by
the cert authority. RapidSSL chained from GeoTrust (I guess).

Do I have to provide the CA file to courier?

Yes, if you're using a certificate signed by a CA that your client does not have in its built-in list of trusted CAs, and your CA's certificate includes a signature from a trusted CA, then you need to combine your CA's cert with your own cert. For Courier, convert your intermediate CA cert to PEM format, if it's not already provided in PEM format, and concatenate it with your own cert file. I never remember if the intermediate cert must be before or after your cert in the certificate file. I believe after, so just append your CA cert file in PEM format to your own cert.
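An added example, not part of the original message or of Courier: a small checker for the ordering question in the reply above. TLS (RFC 5246, section 7.4.2) requires the server's own certificate first, with each following certificate being the issuer of the one before it. The function names and the sample certificates are assumptions; the samples are constructed, unsigned skeletons, and the check compares issuer and subject names only, without validating signatures.

```python
import base64, re
CERT_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)
CN_OID = b"\x06\x03\x55\x04\x03"  # DER encoding of OID 2.5.4.3 (commonName)

def tlv(buf, off):  # read one DER element; return (tag, value_start, value_end)
    tag, n, off = buf[off], buf[off + 1], off + 2
    if n & 0x80:  # long-form length: low 7 bits give the number of length bytes
        n, off = int.from_bytes(buf[off:off + (n & 0x7F)], "big"), off + (n & 0x7F)
    return tag, off, off + n

def issuer_subject(der_cert):
    """Return the raw DER issuer and subject Names of one X.509 certificate."""
    _, pos, _ = tlv(der_cert, 0)      # outer Certificate SEQUENCE
    _, pos, end = tlv(der_cert, pos)  # tbsCertificate SEQUENCE
    fields = []
    while pos < end:
        tag, _, nxt = tlv(der_cert, pos)
        fields.append((tag, der_cert[pos:nxt]))
        pos = nxt
    if fields[0][0] == 0xA0:          # optional explicit [0] version field
        fields.pop(0)
    return fields[2][1], fields[4][1]  # serial, sigAlg, ISSUER, validity, SUBJECT

def chain_problems(pem_text):
    """List ordering problems among the certificates in a combined PEM file."""
    names = [issuer_subject(base64.b64decode(b)) for b in CERT_RE.findall(pem_text)]
    problems = [] if names else ["no certificate found"]
    for i in range(len(names) - 1):   # byte-exact Name comparison, no signature check
        if names[i][0] != names[i + 1][1]:
            problems.append(f"certificate {i + 1} is not issued by certificate {i + 2}")
    return problems

def der(tag, *parts):  # encode one DER element (sample helper, bodies < 256 bytes)
    body = b"".join(parts)
    length = bytes([len(body)]) if len(body) < 128 else bytes([0x81, len(body)])
    return bytes([tag]) + length + body

def fake_cert(subject_cn, issuer_cn):
    """Constructed, unsigned certificate skeleton used only as sample input."""
    name = lambda cn: der(0x30, der(0x31, der(0x30, CN_OID, der(0x0C, cn.encode()))))
    tbs = der(0x30, der(0xA0, der(0x02, b"\x02")), der(0x02, b"\x01"), der(0x30),
              name(issuer_cn), der(0x30), name(subject_cn), der(0x30))
    b64 = base64.encodebytes(der(0x30, tbs, der(0x30), der(0x03, b"\x00"))).decode()
    return f"-----BEGIN CERTIFICATE-----\n{b64}-----END CERTIFICATE-----\n"

# Constructed sample input: placeholder key plus two skeleton certificates.
KEY = "-----BEGIN PRIVATE KEY-----\n(constructed placeholder)\n-----END PRIVATE KEY-----\n"
LEAF = fake_cert("mail.example.com", "Constructed Intermediate CA")
INTERMEDIATE = fake_cert("Constructed Intermediate CA", "Constructed Root CA")
GOOD_PEM = KEY + LEAF + INTERMEDIATE  # server certificate first, then its issuer
BAD_PEM = KEY + INTERMEDIATE + LEAF   # reversed order
```

Calling `chain_problems()` on the text of a real combined PEM file works the same way, since the private key block is skipped and only `CERTIFICATE` blocks are read.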

_______________________________________________
courier-users mailing list