Hi all, I have installed an ubuntu server with dovecot and a free certificate from startssl, but I get: verify error:num=20:unable to get local issuer certificate and verify error:num=21:unable to verify the first certificate
Any idea why? Tanks in advance, Allan My dovecot conf: --- auth_username_chars = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx_@& default_login_user = dovecot listen = * login_greeting = Dovecot DA ready. mail_access_groups = mail mail_location = maildir:~/Maildir passdb { driver = shadow } passdb { args = username_format=%n /etc/virtual/%d/passwd driver = passwd-file } protocols = pop3 service auth { user = root } service imap-login { process_min_avail = 16 user = dovecot } service pop3-login { inet_listener pop3s { address = * port = 995 } process_min_avail = 16 user = dovecot } #verbose_ssl = yes ssl_ca = </etc/dovecot/startcom_ca.pem ssl_cert = </etc/ssl/certs/ssl.crt ssl_key = </etc/dovecot/pop3d.pem #ssl_verify_client_cert = yes userdb { driver = passwd } userdb { args = username_format=%n /etc/virtual/%d/passwd driver = passwd-file } verbose_proctitle = yes protocol pop3 { pop3_logout_format = top=%t/%p, retr=%r/%b, del=%d/%m, size=%s, bytes=%i/%o pop3_uidl_format = %08Xu%08Xv } --- Complete test: an@an-laptop:~$ openssl s_client -connect mail.minlilleverden.dk:995 CONNECTED(00000003) depth=0 description = 35l5njOWJKek82Eu, C = DK, CN = mail.minlilleverden.dk, emailAddress = postmas...@minlilleverden.dk verify error:num=20:unable to get local issuer certificate verify return:1 depth=0 description = 35l5njOWJKek82Eu, C = DK, CN = mail.minlilleverden.dk, emailAddress = postmas...@minlilleverden.dk verify error:num=27:certificate not trusted verify return:1 depth=0 description = 35l5njOWJKek82Eu, C = DK, CN = mail.minlilleverden.dk, emailAddress = postmas...@minlilleverden.dk verify error:num=21:unable to verify the first certificate verify return:1 --- Certificate chain 0 s:/description=35l5njOWJKek82Eu/C=DK/CN= mail.minlilleverden.dk/emailAddress=postmas...@minlilleverden.dk i:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Class 1 Primary Intermediate Server CA --- Server certificate -----BEGIN CERTIFICATE----- MIIGcDCCBVigAwIBAgIDD92mMA0GCSqGSIb3DQEBBQUAMIGMMQswCQYDVQQGEwJJ TDEWMBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMiU2VjdXJlIERpZ2l0 YWwgQ2VydGlmaWNhdGUgU2lnbmluZzE4MDYGA1UEAxMvU3RhcnRDb20gQ2xhc3Mg MSBQcmltYXJ5IEludGVybWVkaWF0ZSBTZXJ2ZXIgQ0EwHhcNMTQwNDE1MTIzMzEz WhcNMTUwNDE2MDA1NjMzWjB2MRkwFwYDVQQNExAzNWw1bmpPV0pLZWs4MkV1MQsw CQYDVQQGEwJESzEfMB0GA1UEAxMWbWFpbC5taW5saWxsZXZlcmRlbi5kazErMCkG CSqGSIb3DQEJARYccG9zdG1hc3RlckBtaW5saWxsZXZlcmRlbi5kazCCASIwDQYJ KoZIhvcNAQEBBQADggEPADCCAQoCggEBAKczgWa90C7guVSaMcc3CuluzHHZFXN0 jtNkGguy8uzhKo4d57Igeyd17/0xV1Ye12Hqh0PR8RHLaGdlT9iOyccpFqZRIfnN Gw0Gaf1bO0sJJ+ij3VzwwB9S16Rg1rbG4RgaKQaz5Ktr7vEVsbLp0VnPUUKKLMdt i7jIH8rD8l+6MXQmLrLSFR9OBQmMtpLR5PdnSz416CQtadWAvwG6Nfv7eqh27LAq aH+fBLxbgCpix9860jmksxKybu0JMjSzg1VU5QYZL3PQxXN9bhNDOc4Sm+jlgw7r yTTOkitYQQ+OwH0dYg8l7aVkEwlIaaIlt08DPfIPR+OCexd2EZVEa00CAwEAAaOC Au4wggLqMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMBMGA1UdJQQMMAoGCCsGAQUF BwMBMB0GA1UdDgQWBBTji5K9jpxFs2erCE0OINCqxiFjzzAfBgNVHSMEGDAWgBTr QjTQmLCrn/Qbawj3zGQu7w4sRTA0BgNVHREELTArghZtYWlsLm1pbmxpbGxldmVy ZGVuLmRrghFtaW5saWxsZXZlcmRlbi5kazCCAVYGA1UdIASCAU0wggFJMAgGBmeB DAECATCCATsGCysGAQQBgbU3AQIDMIIBKjAuBggrBgEFBQcCARYiaHR0cDovL3d3 dy5zdGFydHNzbC5jb20vcG9saWN5LnBkZjCB9wYIKwYBBQUHAgIwgeowJxYgU3Rh cnRDb20gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwAwIBARqBvlRoaXMgY2VydGlm aWNhdGUgd2FzIGlzc3VlZCBhY2NvcmRpbmcgdG8gdGhlIENsYXNzIDEgVmFsaWRh dGlvbiByZXF1aXJlbWVudHMgb2YgdGhlIFN0YXJ0Q29tIENBIHBvbGljeSwgcmVs aWFuY2Ugb25seSBmb3IgdGhlIGludGVuZGVkIHB1cnBvc2UgaW4gY29tcGxpYW5j ZSBvZiB0aGUgcmVseWluZyBwYXJ0eSBvYmxpZ2F0aW9ucy4wNQYDVR0fBC4wLDAq oCigJoYkaHR0cDovL2NybC5zdGFydHNzbC5jb20vY3J0MS1jcmwuY3JsMIGOBggr BgEFBQcBAQSBgTB/MDkGCCsGAQUFBzABhi1odHRwOi8vb2NzcC5zdGFydHNzbC5j b20vc3ViL2NsYXNzMS9zZXJ2ZXIvY2EwQgYIKwYBBQUHMAKGNmh0dHA6Ly9haWEu c3RhcnRzc2wuY29tL2NlcnRzL3N1Yi5jbGFzczEuc2VydmVyLmNhLmNydDAjBgNV HRIEHDAahhhodHRwOi8vd3d3LnN0YXJ0c3NsLmNvbS8wDQYJKoZIhvcNAQEFBQAD ggEBAAaM8/sYqms0PpsT5awstfxziAyd6NVjvl4ZMtPLVQXUOcBjnJrpwbcw5d5d O4RmZTRVC+ejPDqXothoQnIgg/QuT74TJp13RDm1yFrxRh09sRfYX3AT1IBD6l6c +29fM4xqZ68KWslMCMyGXFUaGaZPAAZ8c3YrsLkEuotGYeBpRtgKIeubmwiwPWTI tLaZiTpstsRLkVX49Dxkwy5W2h4SCB82Vtv2KV/8rHY5JpIrQSDZzxuZrp++FRiC c9RP7MlT9yehGLZSIPFCWEcyynEWVUQkgklP78avH8f1ZNmIAF5pe9E1WO3jJvfq z8is8rnym/TsZ2SzyFbDqVtECTI= -----END CERTIFICATE----- subject=/description=35l5njOWJKek82Eu/C=DK/CN= mail.minlilleverden.dk/emailAddress=postmas...@minlilleverden.dk issuer=/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Class 1 Primary Intermediate Server CA --- No client certificate CA names sent --- SSL handshake has read 2497 bytes and written 507 bytes --- New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-GCM-SHA384 Server public key is 2048 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE SSL-Session: Protocol : TLSv1.2 Cipher : DHE-RSA-AES256-GCM-SHA384 Session-ID: 7D102ECF936A97479CF6ABE7DDB3964D1E6B458FB8DB47A93655EC8408FC414F Session-ID-ctx: Master-Key: 6E1F45249FBC11CFF13EE78C0C973787C6B074618C90B922695FEB9B5402A2925895B456A5E646394D2AA802BEA65564 Key-Arg : None PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 300 (seconds) TLS session ticket: 0000 - 5a b3 83 d5 cb 27 f9 ae-ad 7a 4e 48 14 b1 ff 6b Z....'...zNH...k 0010 - 6e 3d 77 2d 27 6d 32 95-ec 1f 56 dd 6b dc e1 86 n=w-'m2...V.k... 0020 - 66 f2 28 cd 3a fc e4 91-10 60 f5 60 27 70 12 67 f.(.:....`.`'p.g 0030 - 49 97 89 99 88 24 60 d1-1f 62 02 ac 84 b7 a8 4f I....$`..b.....O 0040 - 10 7e 18 b2 31 e0 1b 63-4d c1 94 6c 2e d1 d6 39 .~..1..cM..l...9 0050 - 2f ff 31 16 c2 13 05 9b-06 ef 8a a5 10 a8 64 86 /.1...........d. 0060 - 85 7b 1c fa 7d e1 e7 21-ef 87 e5 c3 13 4a 6a 1b .{..}..!.....Jj. 0070 - 93 80 e2 bb 81 9a 30 44-57 9b 42 32 2a ec af e5 ......0DW.B2*... 0080 - 86 7c 26 b9 e3 75 08 9d-c2 c7 6b 49 db 6e ae 04 .|&..u....kI.n.. 0090 - a4 25 a2 d5 b7 fa f7 b4-e1 61 11 d8 d1 17 02 1c .%.......a...... Start Time: 1397604695 Timeout : 300 (sec) Verify return code: 21 (unable to verify the first certificate) --- +OK Dovecot DA ready.