On Mon, 2018-07-23 at 20:47 -0400, Sam Varshavchik wrote:
> Greg Pfister writes:
> « HTML content follows »
> Attempted to install a known good GoDaddy certificate (works on
> apache2 on same machine), utilizing all the same files sent from
> GoDaddy, fails with error 21 - chain. Install in TLS_CERTFILE and
> TLS_TRUSTCERTS in both IMAPD- SSL and esmtpd-ssl.
> TLS_TRUSTCERTS sets the certificate authorities for validating IMAP
> client certs.
> If you have a chained cert, both your cert and the intermediate cert
> goes into TLS_CERTFILE, as one concatenated file, one after another,
> together with your cert's private key. They have to be in a specific
> order, and I can never remember which one goes first. I think your
> cert goes first, then the intermediate cert. You can try it both
> ways.
>
Thanks. I'll try that. All the research that I've come up with shows that the
cert and key file goes into one pem file (which I have) for the TLS_CERTFILE.
However, I thought the TLS_TRUSTCERTS file included the chain.The server is
production, so I don't want to interfere with operation until off hours.
Here's what I was working
from:https://www.sslshopper.com/courier-imap-ssl-installation-instructions.htmlandhttps://cheapsslsecurity.com/blog/install-ssl-certificate-courier-imap-server/
You'll notice that in both of these, the show the TLS_TRUSTCERTS as
intermediates.
Will post here my results.
Thanks again.
--
Greg Pfister
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Courier-imap mailing list
[email protected]
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-imap
