Ken Teh wrote:
>
> I have a root cert from Thawte and I'm trying to figure out where it's
> supposed to go.
>
> I have Redhat's imap-2000 with ssl support running on my mail server. It
> has a certificate issued to it by Thawte. I have no problems with mail
> clients like Netscape Messenger, etc., but I cannot connect to my imap
> server with pine-4.30 (also from Redhat with ssl support). It says "Unable
> to get local issuer's certificate".
>
> Anyway to make a long story short, I got a copy of Thawte's root cert and I
> checked connecting to my imap server with 'openssl s_client'. If I specify
> the CAfile, there are no verify problems. Without it, as you'd expect, I
> get the verify error messages - "unable to to get local issue certificate"
>
> So, now I'm down to figuring out how to install Thawte's root cert. I've
> tried mucking around with openssl.cnf, defining the environment variable
> OPENSSL_CONF to point to my modified openssl.cnf, but no luck.
>
You'll have to check the documentation that comes with imap-2000. How it
handles things is entirely up to the application, it may have a command
line -CAfile or -CApath options or equivalents. It may have a
configuration file or it may have a default location (for example
/usr/local/ssl/certs) where it expects to find trusted certificates.
OPENSSL_CONF and openssl.cnf are used by the openssl utility. Other
applications could do almost anything.
Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
