----- Original Message ----- From: "Don Drake" <[EMAIL PROTECTED]> To: <xmail@xmailserver.org> Sent: Tuesday, March 13, 2007 9:09 PM Subject: [xmail] Re: Testing TLS
> I understand that part, but I have a third file, called sometimes called an > intermediate certificate, which is required with my server.cert file. > > In the Apache world, it's installed as described in the URL: > http://info.ssl.com/article.aspx?id=10741 > > How do I do something similar in the Xmail world? This is a matter of client configuration: for your mailclient to be able to verify the server cert presented by the server (server.cert), it needs to have the public part of the signing CA available locally, which in this case is the intermediate (CA) certificate you mention. But this is not all, that intermediate cert was once signed by another root autorithy. That CA cert also has to be available to the client (locally) in order for the client to verify the full chain. by available locally to the client, I mean a certificate storage facility tied to the client in question. In your case with Thunderbird, you get to the certificate management from the "Security" section, present under account-settings. (Edit -> Preferences) Import your intermediate CA certificate to the client cert storage and be gone with the warning. Thomas Loo Saltstorm Software labs. > Thanks. > > -Don > > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On > Behalf Of Davide Libenzi > Sent: Tuesday, March 13, 2007 2:52 PM > To: xmail@xmailserver.org > Subject: [xmail] Re: Testing TLS > > On Tue, 13 Mar 2007, Don Drake wrote: > > > Sorry, but I've read that whole chapter about 10 times and I'm still > > confused. > > > > I tried adding "SSLUseCertsFile" "1" to server.tab, and then copied > > the ca-bundle into /var/MailRoot/certs.pem. > > > > I still get the warning from Thunderbird when connecting using TLS for > POP3 > > and TLS for SMTP. > > > > Does it matter that, on my linux server, these files (server.key, > cert.pem, > > etc.) are all lowercase, even though the docs show them in uppercase? > > You PEM cert goes into server.cert and your key goes into server.key. > > > > - Davide > > > - > To unsubscribe from this list: send the line "unsubscribe xmail" in > the body of a message to [EMAIL PROTECTED] > For general help: send the line "help" in the body of a message to > [EMAIL PROTECTED] > > > > - > To unsubscribe from this list: send the line "unsubscribe xmail" in > the body of a message to [EMAIL PROTECTED] > For general help: send the line "help" in the body of a message to > [EMAIL PROTECTED] > - To unsubscribe from this list: send the line "unsubscribe xmail" in the body of a message to [EMAIL PROTECTED] For general help: send the line "help" in the body of a message to [EMAIL PROTECTED]
