We have had UW imapd-2007e running fine for some time.
Recently our SSL certificate provider announced that we had to upgrade our
1024-bit certificate to 2048 before it was revoked.
The replacement they provided is not signed by a CA in the Mozilla store
(and hence OpenSSL which copies it) - it uses an intermediate certificate.
I got Apache to work by following instructions and defining
SSLCertificateChainFile
OpenLdap seems happy with the intermediate certificate added to the bundle
defined as TLSCACertificateFile.
But imapd does not. It uses a PEM file with both the key and
certificate, and the OpenSSL library. OpenSSL (at least, the "openssl"
shell command), uses the bundle in /etc/pki/tls/cert.pem. But Alpine, at
least, is unhappy if I just add the intermediate certificate to that.
Is there a solution ? Or should we just order a "proper" directly-signed
certificate ?
uw-imap-2007e
openssl-0.9.8e-20
CentOS 5.7
Linux 2.6.18 x86_64
--
Andrew Daviel, TRIUMF, Canada
_______________________________________________
Imap-uw mailing list
[email protected]
http://mailman2.u.washington.edu/mailman/listinfo/imap-uw
