On Sun, Aug 19, 2001 at 02:26:24PM -0500, Amos Gouaux wrote:
> As it happens, I too am trying to get SSL/TLS going with latest
> cyrus-imapd. Though, in my case I'm trying to use a Verisign cert.
> At this point I'm just trying to figure out what I need to do next.
>
> I have the server key file in pem format defined, the cert I got
> back from Verisign, and the vsignss.pem that came with
> openssl-0.9.6b. When I attempt to connect I get the following:
>
> depth=1 /C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority
> verify error:num=19:self signed certificate in certificate chain
> verify return:0
>
> Is this telling me I need a chain cert? Suggestions on what to try next?
This error message tells you, that the chain is complete (the verification
process reaches the root CA chain and finds it to be sel signed).
However the verification cannot succeed, as the root CA certificate must
be available as a local copy for verification purposes.
>From the API point of view, this is achieved by loading it using
SSL_CTX_load_verify_locations()
I don't know how to load the trusted CA certificates using the specific
cyrus-imapd software, please check out the manual or grep for the call
shown above in the source and see, how it is used.
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus Fax. +49 355 69-4153
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
