On Mon, Jan 08, 2001 at 03:39:56PM -0600, Ken Teh wrote:
> I have a root cert from Thawte and I'm trying to figure out where it's
> supposed to go.
>
> I have Redhat's imap-2000 with ssl support running on my mail server. It
> has a certificate issued to it by Thawte. I have no problems with mail
> clients like Netscape Messenger, etc., but I cannot connect to my imap
> server with pine-4.30 (also from Redhat with ssl support). It says "Unable
> to get local issuer's certificate".
>
> Anyway to make a long story short, I got a copy of Thawte's root cert and I
> checked connecting to my imap server with 'openssl s_client'. If I specify
> the CAfile, there are no verify problems. Without it, as you'd expect, I
> get the verify error messages - "unable to to get local issue certificate"
imap-2000 does not support CA certificates as it does not allow the use
of client certificates for authentication.
To complete your setup you must change auth_ssl.c: change from
SSL_CTX_use_certificate_file() to SSL_CTX_use_certificate_chain_file()
(note the additional "chain"). Then append all (intermediate and root) CA
files to the server's certificate file, so that one after the other will
together form the complete chain.
This change missed the release of pine-4.31 only by 2 or 3 days and will
be in the next release.
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus Fax. +49 355 69-4153
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
