Re: [Dovecot] SSL cert problems.

2008-12-29 Thread Geoff Sweet
So my conf looks similar to yours:

# Disable SSL/TLS support.
#ssl_disable = no
ssl_cert_file = /etc/pki/dovecot/certs/pop.x10.com.cer
ssl_key_file = /etc/pki/dovecot/private/pop.x10.com.key
# If key file is password protected, give the password here. Alternatively
# give it when starting

Re: [Dovecot] SSL cert problems.

2008-12-29 Thread Egbert Jan van den Bussche
+egbert=vandenbussche...@dovecot.org [mailto:dovecot-bounces+egbert=vandenbussche...@dovecot.org] On behalf of Geoff Sweet Sent: Monday 29 December 2008 20:31 To: Dovecot Mailing List Subject: Re: [Dovecot] SSL cert problems. So my conf looks similar to yours: # Disable SSL/TLS support

Re: [Dovecot] SSL cert problems.

2008-12-29 Thread Sahil Tandon
Egbert Jan van den Bussche wrote: Still strange that Verisign is not already in your cert. store. Most browsers seem to have Verisign. I'm used to the fact that my CA (Cacert) is not included, being a small free CA. I often have to import class3 and root cert. which is not a big deal after

Re: [Dovecot] SSL cert problems.

2008-12-29 Thread Geoff Sweet
Ok, how about from a little different approach. How do I get debugging out of this thing? I followed this: http://wiki.dovecot.org/Logging But I certainly don't consider what it produced in the way of output something I could consider debug logging. It never even once logged anything like

Re: [Dovecot] SSL cert problems.

2008-12-26 Thread Egbert Jan van den Bussche
-Original message- From: dovecot-bounces+egbert=vandenbussche...@dovecot.org [mailto:dovecot-bounces+egbert=vandenbussche...@dovecot.org] On behalf of Sahil Tandon Sent: Thursday 25 December 2008 18:01 To: dovecot@dovecot.org Subject: Re: [Dovecot] SSL cert problems. Geoff Sweet

Re: [Dovecot] SSL cert problems.

2008-12-25 Thread Sahil Tandon
Geoff Sweet wrote:

[Please do not top-post]

> Oh, ok once I added the -CAfile change the cert verifies without issue.

That's because you installed the intermediate cert on your client; this should not be required.

> openssl s_client -ssl3 -CAfile ~/intca.cer -connect pop.x10.com:995 -quiet

Re: [Dovecot] SSL cert problems.

2008-12-24 Thread Geoff Sweet
Ok so I downloaded the intermediate ca cert thing onto my local machine as intca.cer. Then I ran this command:

:~$ openssl s_client -ssl3 -CApath ./intca.cer -connect pop.x10.com:995
CONNECTED(0003)
depth=0 /C=US/ST=Washington/L=Renton/O=X10 Wireless Technology, Inc./OU=Information

Re: [Dovecot] SSL cert problems.

2008-12-24 Thread Sahil Tandon
Geoff Sweet wrote:

> Ok so I downloaded the intermediate ca cert thing onto my local machine as intca.cer. Then I ran this command:
> :~$ openssl s_client -ssl3 -CApath ./intca.cer -connect pop.x10.com:995

You're pointing to a *file* so you need -CAfile; not -CApath. But even after making

Re: [Dovecot] SSL cert problems.

2008-12-24 Thread Geoff Sweet
Oh, ok once I added the -CAfile change the cert verifies without issue.

openssl s_client -ssl3 -CAfile ~/intca.cer -connect pop.x10.com:995 -quiet
depth=2 /C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
verify return:1
depth=1 /C=US/O=VeriSign, Inc./OU=VeriSign Trust

[Dovecot] SSL cert problems.

2008-12-23 Thread Geoff Sweet
I'm really racking my brain trying to figure this one out here. I am running a pop3 server for remote offices on CentOS 5.2. We purchased an SSL cert from Verisign and installed it on our dovecot server, but I continue to get failure problems with the cert and I don't know where to go from here.

Re: [Dovecot] SSL cert problems.

2008-12-23 Thread Sahil Tandon
Geoff Sweet wrote:

> and last but not least, here is my test from openssl. Mind you this fails as a BAD ssl cert in Evolution.
> :~$ openssl s_client -ssl2 -connect pop.x10.com:995

Try -ssl3 here; you'll see more.

> CONNECTED(0003)
> depth=0 /C=US/ST=Washington/L=Renton/O=X10 Wireless