On Mon, 26 Sep 2005, Nicole Skyrca wrote:
Hi Andy,
Right now I'm trying to solve the problem of why I get see the
"unable to get local issuer certificate" messages when running the
openssl s_client command. I'm not that familiar with ssl (or imap) and
I
don't know if this is normal or not, or if ssl is working properly.
Comodo sent an intermediate CA certificate
along with the signed ssl certificate, that I don't know what to do
with.
Short answer: IMAPS should be working fine on your server.
Long answer:
The CA certificate is used to verify the authenticity of your SSL
certificate (which has been signed by the CA certificate). The CA
certificate is needed on the client side of the connection, not the server
side, so there is no need to place it anywhere in the context of your
Cyrus imapd.conf file.
If Comodo is a generally recognized Certificate Authority, then their CA
certificate should already be distributed with most web browsers, email
clients, etc.
To summarize: The CA certificate is only needed by SSL clients, not SSL
servers.
Let me know if you have any more questions,
Andy
----
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
