InstantSSL gives us *two* certificates: a host certificate and a CA certificate, i.e. a Comodo intermediate certificate. Can the UW imapd work with this certificate-plus-intermediate configuration? What do I need to do to prepare our new imapd.pem?
I don't know enough about this to give a guaranteed answer. Hey, I just wrote the code, what makes anyone thing I know anything! :-)
But anyway, it sounds to me that your host certificate is what would become your imapd.pem (and is a private key for imapd).
Separately, you want to install the CA certificate, including making the funny symlink via
ln -s Comodo.pem `/usr/local/ssl/bin/openssl x509 -noout -hash < Comodo.pem`.0
(substitute the CA certificate's file name for "Comodo.pem") which will make a symlink with an 8-digit hex value and an extension of .0 that points to the CA certificate's PEM file
The CA certificate is for Pine to be able to validate what IMAP offers; so the CA certificate should be publicly-readable and the imapd.pem should be read-protected.
-- Mark --
http://staff.washington.edu/mrc Science does not emerge from voting, party politics, or public debate. Si vis pacem, para bellum.
