On Sun, Dec 19, 2004 at 03:23:16PM +0100, Andrea Riela wrote: > Hi folks, > > I made my CA certificate for personal ssl connections.
Did you create your own CA? Or has some existing CA made a certificate for you for personal SSL connections? > I've installed that, and it works good with (for example) https, I > don't see the root certificate warning yet. When I try to connect to > bincimap with ucspi-ssl, I see always the root certificate warning, and > I don't know why. One reason could be that Binc doesn't serve the complete CA chain, because it doesn't know where it is. > my runscript is like that: > > CERTFILE="/var/qmail/certs/mail.crt" > KEYFILE="/var/qmail/certs/mail.key" > DHFILE="/var/qmail/certs/mail.dh" > CAFILE="/var/qmail/certs/nesys.ca" > CCAFILE="/var/qmail/certs/nesys.ca" > CADIR="/var/qmail/certs" > export CERTFILE KEYFILE DHFILE CAFILE CCAFILE CADIR Well, looks good.. Could you show us the output from: openssl x509 -text -noout -in mail.crt and openssl x509 -text -noout -in nesys.ca ? > If I would try the SSL support built-in bincimap, what I've to do? What you have done. > Normally I use a key file, a crt file and a ca file. I've to change > the bincimap.conf file, and use tcpserver instead of sslserver? Aha, you're using an SSL TCP server.. I see. Well, correct, change some of Binc's configuration and throw away sslserver. I would suggest trying that next. //Peter
