On Fri, 2013-09-13 at 10:18 -0400, Dan Langille wrote:
> Perhaps I am doing the chain incorrectly. I just tried again. The
> server is now set up with the following:
>
> I have three certs in this chain file:
>
> cat imaps.unixathome.org.pem sub.class1.server.ca.pem ca.pem > testing.chain.pem
>
> 1 - the certificate issued by startssl for my server
> 2 & 3 - the PEM files for StartSSL as found at
> http://www.startssl.com/certs/
>

That is the correct chain method, and order

> $ openssl s_client -connect imaps.unixathome.org:993 -quiet
> depth=2 /C=IL/O=StartCom Ltd./OU=Secure Digital Certificate
> Signing/CN=StartCom Certification Authority
> verify error:num=19:self signed certificate in certificate chain

Never panic about the above, it is just indicating (rightly so) you have
a local certificate (the first) in your chain.

>ssl_cert = </usr/local/etc/ssl/imaps.unixathome.org.crt
>ssl_key = </usr/local/etc/ssl/imaps.unixathome.org.nopassword.key

correct method, so long as the cert and key files are named correctly
and in the right location.

>ssl = required

Bit dangerous... and may be the cause of your problems, change to :
ssl = yes

We use startssl and have many android, blackberry, and iphone users
(maybe even win phone Lusers too ;) who knows) amongst desktop/laptop
types and never had any problems with them using startssl
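The two checks this reply relies on (the chain file runs server certificate, intermediate, root, and the key belongs to the certificate), as an added example that is not part of the original message. It uses the `openssl` command line; the function names are hypothetical and the three-level PKI it builds is constructed test data.

```bash
# Added example; the PKI it builds is constructed test data, not StartSSL's.

# chain_in_order FILE: succeed only if each certificate in FILE was issued by
# the one that follows it (server certificate first, root last).
chain_in_order() {
    local dir i=1 rc=0
    dir=$(mktemp -d) || return 2
    # Split the bundle into one file per certificate: 1.pem, 2.pem, ...
    awk -v d="$dir" '/BEGIN CERTIFICATE/ {n++} n {print > (d "/" n ".pem")}' "$1"
    [ -f "$dir/1.pem" ] || rc=2
    while [ -f "$dir/$((i + 1)).pem" ]; do
        if [ "$(openssl x509 -noout -issuer_hash -in "$dir/$i.pem")" != \
             "$(openssl x509 -noout -subject_hash -in "$dir/$((i + 1)).pem")" ]; then
            echo "certificate $i was not issued by certificate $((i + 1))" >&2
            rc=1; break
        fi
        i=$((i + 1))
    done
    rm -rf "$dir"
    return $rc
}

# key_matches CERT KEY: succeed only if KEY is the private key for CERT.
key_matches() {
    local c k
    c=$(openssl x509 -noout -pubkey -in "$1" 2>/dev/null) || return 2
    k=$(openssl pkey -pubout -in "$2" 2>/dev/null) || return 2
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# issue DIR NAME CN SIGNER: constructed certificate DIR/NAME.pem signed by SIGNER.
issue() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/$2.csr" -CA "$1/$4.pem" -CAkey "$1/$4.key" \
        -set_serial 1 -days 1 -out "$1/$2.pem" 2>/dev/null
}

d=$(mktemp -d)
openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Constructed Root" \
    -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null
issue "$d" sub "Constructed Intermediate" ca
issue "$d" server "imaps.example.test" sub
cat "$d/server.pem" "$d/sub.pem" "$d/ca.pem" > "$d/good.chain.pem"  # order from the message
cat "$d/server.pem" "$d/ca.pem" "$d/sub.pem" > "$d/bad.chain.pem"   # last two swapped
chain_in_order "$d/good.chain.pem" && echo "good.chain.pem: order ok"
chain_in_order "$d/bad.chain.pem" || echo "bad.chain.pem: wrong order"
key_matches "$d/server.pem" "$d/server.key" && echo "server.key matches server.pem"
```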