On Mo, 14.02.2005, 21:58, Nicolas Ledez wrote: > Hello, I have a Cyrus21 installation (Sarge). When I'm connect to cyrus > first time (after cyrus start) : > > [EMAIL PROTECTED]:~$ openssl s_client -connect my_host.my_domain.com:imaps > CONNECTED(00000004) > depth=1 /C=MY/ST=France/L=SmallTown/O=Toto/OU=Certification Services > Division/CN=Toto Root CA/[EMAIL PROTECTED] > verify error:num=19:self signed certificate in certificate chain > verify return:0
'Toto Root CA' seems to be a self signed certificate instead of an undependent certificate as your root certificate. You don't have to self sign a root certificate. > --- > Certificate chain > 0 s:/C=MY/ST=France/L=SmallTown/O=Toto/OU=Secure Imap > Server/CN=imap.winch.my/[EMAIL PROTECTED] > i:/C=MY/ST=France/L=SmallTown/O=Toto/OU=Certification Services > Division/CN=Toto Root CA/[EMAIL PROTECTED] > 1 s:/C=MY/ST=France/L=SmallTown/O=Toto/OU=Certification Services > Division/CN=Toto Root CA/[EMAIL PROTECTED] > i:/C=MY/ST=France/L=SmallTown/O=Toto/OU=Certification Services > Division/CN=Toto Root CA/[EMAIL PROTECTED] As I understood your chain you only should sign 'imap.winch.my' with 'Toto Root CA'. Then your chain would look like something --- Certificate chain 0 s:... /CN=imap.winch.my ... i:... /CN=Toto Root CA ... --- with s = signed and i = issuer. Christian -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
