(I sent this reply yesterday, but did not realize it only went to the author and not the list. Sorry about that.)
Chr. von Stuckrad said: > On Thu, Aug 14, 2003 at 12:05:19PM -0700, Marcus Redivo wrote: >> However, I have run into a snag: >> >> I have a trial certificate signed by Comodo using a second-level CA >> certificate, which is in turn signed by a GTE Cybertrust root >> certificate. The second-level certificate is not distributed with the >> usual browsers, so it must be supplied by the POP/IMAP server during >> session initiation. > > I believe we had to do the same and it worked by simply > concatenating all the necessary certificates into one > pem-File for ssl-pop/imap structured like this: > (The file really looks like this, I simply replaced > the 'asci-armored' _real_ certificate codes by one '...') Yes. I have now tried this and it works. Vielen Dank; many thanks. My tests and experience so far led me to believe that the Root-Certificate: section in your example below would be unnecessary, because the root certificate must be present on the POP/IMAP client. To confirm this, I added only the intermediate CA certificate to my file before testing. With that one addition, the POP client considered the certificate chain complete; the root certificate is not required in this file. Marcus Redivo http://www.eclectica.ca > ============================== ONE 'simap.pem' ================= > User-Private-Key: > -----BEGIN RSA PRIVATE KEY----- > ... > -----END RSA PRIVATE KEY----- > > User-Certificate: > -----BEGIN CERTIFICATE----- > ... > -----END CERTIFICATE----- > > CA-Certificate: > -----BEGIN CERTIFICATE----- > ... > -----END CERTIFICATE----- Following is not required, but apparently causes no harm ... > Root-Certificate: > -----BEGIN CERTIFICATE----- > ... > -----END CERTIFICATE----- > ================================================================ > > Yours Stucki (postmaster on holiday of mi.fu-berlin.de) Enjoy your holiday.
