I made a self-signed cert with OpenSSL (on a Solaris machine), and that worked just fine. I'm forced back to using it now.
However, we recently purchased a verisign "Pro" cert, and I can't figure out how to make that work.
If I do what I did before, and just combine the cert and the key in the imapd.pem file, it fails. An "openssl verify" shows that it's looking for a local signing cert. Okay, so I eventually figured out how to get both the root CA for verisign, and the Intermediate CA that was used for my cert (something to do with it being "pro", I think). If I put those in hash-named files, as openssl suggests, I can then "openssl verify" the cert/key pair. But that wasn't good enough for imapd either, and it didn't even appear to try opening the other files. So, I put those other two certs into the same file (imapd.pem) as the cert i received from Verisign, and the private key I made when generating the CSR to send to verisign.
Does anyone have any idea what's going on here? In most all cases, the imapd will invoke, but just hang in an 8k read, after already reading the 100-some bytes from the client. (With the self-signed cert, it would read those bytes in calls to read of the correct length. I should look in the code for that...)
Thank you much for your time.
- Chris
--
------------------------------------------------------------------
For information about this mailing list, and its archives, see: http://www.washington.edu/imap/c-client-list.html
------------------------------------------------------------------
