On Tue, 2018-07-24 at 17:56 -0400, Sam Varshavchik wrote:
> Greg Pfister writes:
> Thanks. I'll try that. All the research that I've come up with shows
> that the cert and key file goes into one pem file (which I have) for
> the TLS_CERTFILE. However, I thought the TLS_TRUSTCERTS file included
> the chain. The server is production, so I don't want to interfere with
> operation until off hours.
> Here's what I was working from:
> https://www.sslshopper.com/courier-imap-ssl-installation-instructions.html
> and
> https://cheapsslsecurity.com/blog/install-ssl-certificate-courier-imap-server/
> All of that information is wrong.
> You'll notice that in both of these, they show the TLS_TRUSTCERTS as
> intermediates.
> I also noticed that all of these tell me to set the protocol
> implementation to either "SSL3" or "TLS1", which have been
> deprecated quite a while ago, as insecure.
> Do not do that. Leave the protocol setting at its default.
Thanks Sam! You are absolutely correct. I placed the signed
certificate, chain certificates (intermediate), and key (in that order)
into a pem file. Assigned that to the TLS_CERTFILE and ignored the
TLS_TRUSTCERTS.
I left the protocol settings default and verified TLSv1.2 from openssl
s_client
Both IMAP and SMTP are operating correctly with the certificates!
--
Greg Pfister
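
As an added example (not part of the thread and not Courier's own tooling), this shell function checks that a PEM file intended for TLS_CERTFILE has the block order Greg describes: signed certificate, intermediate(s), then the key. It assumes at least one intermediate is expected; `check_bundle`, `pem_block` and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: checks PEM block order for a TLS_CERTFILE bundle
# (server certificate, intermediate(s), then the private key).
# Only the BEGIN labels are inspected; no signature or chain validation.

check_bundle() {
    awk '
        { sub(/\r$/, "") }                      # tolerate CRLF line endings
        /^-----BEGIN .*-----$/ {
            label = $0
            sub(/^-----BEGIN /, "", label)
            sub(/-----$/, "", label)
            if (++n == 1) first = label
            if (label == "CERTIFICATE") { certs++; if (keys) late = 1 }
            else if (label ~ /PRIVATE KEY$/) keys++
        }
        END {
            if (keys != 1) { print "FAIL: expected 1 private key, found " (keys + 0); exit 1 }
            if (first != "CERTIFICATE") { print "FAIL: first block is not a certificate"; exit 1 }
            if (late) { print "FAIL: certificate appears after the private key"; exit 1 }
            if (certs < 2) { print "FAIL: no intermediate after the server certificate"; exit 1 }
            print "OK: " certs " certificates, then the private key"
        }
    ' "$1"
}

# pem_block LABEL: emit a constructed placeholder block (not real key material)
pem_block() {
    printf '%s\n' "-----BEGIN $1-----" "Q09OU1RSVUNURUQ=" "-----END $1-----"
}

# Constructed samples: one in the order described above, two that are not.
demo_dir=$(mktemp -d)
{ pem_block CERTIFICATE; pem_block CERTIFICATE; pem_block "PRIVATE KEY"; } > "$demo_dir/good.pem"
{ pem_block "PRIVATE KEY"; pem_block CERTIFICATE; pem_block CERTIFICATE; } > "$demo_dir/keyfirst.pem"
pem_block CERTIFICATE > "$demo_dir/nokey.pem"

check_bundle "$demo_dir/good.pem"
check_bundle "$demo_dir/keyfirst.pem" || true
check_bundle "$demo_dir/nokey.pem" || true
```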