[BlueOnyx:14687] Re: Dovecot intermediate cert (Was: error (0x800CCC80))

Dogsbody dan at dogsbody.org
Tue Feb 18 05:20:58 -05 2014


On 17/02/14 23:58, Michael Stauber wrote:
> It still uses RC4 ciphers. Among them RC4-SHA. Which I think is a bad
> idea. If you can make do without RC4, then that would be a hell of a lot
> better.

I absolutely agree, it's an unfortunate workaround for the time being.

>> Michael.  Any chance of getting the certificate authority fix added to
>> the setup though please?  This will definitely benefit everyone...
>> cp /etc/admserv/certs/ca-certs /etc/pki/dovecot/certs/ca.pem
>> vi /etc/dovecot/conf.d/10-ssl.conf
>>     ssl_ca = </etc/pki/dovecot/certs/ca.pem
>> service dovecot restart
>
> # for dovecot
> /bin/cp /etc/admserv/certs/key /etc/pki/dovecot/private/dovecot.pem
> /bin/cp /etc/admserv/certs/certificate /etc/pki/dovecot/certs/dovecot.pem
>
> It's basically the same. Just that it uses separate files for key and
> cert. Not a unified one that contains both.

I don't believe it is the same.  I'm not doing anything with the cert 
and key.  I'm adding the (and any) intermediate cert(s) to dovecot.

Without this dovecot doesn't return the intermediate cert required for 
the client to prove a full certificate chain.

Without the intermediate cert dovecot fails the SSL test at:
http://www.networking4all.com/en/support/tools/site+check/
(subtle warning at the top)

And as reported previously on this mailing list people have had problems 
getting Google to collect mail from their mailservers as it wants a full 
chain:
https://support.google.com/mail/answer/21291
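
The missing-intermediate failure discussed in this message can be reproduced offline. The following is an added example, not part of the original post or of BlueOnyx's scripts: it builds a constructed root, intermediate and leaf with `openssl`, then validates the leaf the way a client that trusts only the root would. All function names, subject names and file names are assumptions made for the demonstration.

```shell
# Constructed three-tier PKI: root CA -> intermediate CA -> mail server leaf.
# Subjects such as "mail.example.test" are made up for this demonstration.

# issue DIR NAME SUBJECT ISSUER EXTFILE: create key + CSR, sign with ISSUER ("self" = self-signed)
issue() {
    i_dir=$1; i_name=$2; i_subj=$3; i_issuer=$4; i_ext=$5
    openssl req -new -newkey rsa:2048 -nodes -subj "$i_subj" \
        -keyout "$i_dir/$i_name.key" -out "$i_dir/$i_name.csr" 2>/dev/null || return 1
    if [ "$i_issuer" = self ]; then
        openssl x509 -req -in "$i_dir/$i_name.csr" -signkey "$i_dir/$i_name.key" \
            -days 2 -extfile "$i_ext" -out "$i_dir/$i_name.pem" 2>/dev/null
    else
        openssl x509 -req -in "$i_dir/$i_name.csr" -days 2 -extfile "$i_ext" \
            -CA "$i_dir/$i_issuer.pem" -CAkey "$i_dir/$i_issuer.key" -CAcreateserial \
            -out "$i_dir/$i_name.pem" 2>/dev/null
    fi
}

# build_demo_pki DIR: writes root.pem, intermediate.pem and leaf.pem into DIR
build_demo_pki() {
    p_dir=$1
    printf 'basicConstraints=critical,CA:TRUE\n' > "$p_dir/ca.ext"
    printf 'basicConstraints=CA:FALSE\n' > "$p_dir/leaf.ext"
    issue "$p_dir" root "/CN=Constructed Root CA" self "$p_dir/ca.ext" &&
    issue "$p_dir" intermediate "/CN=Constructed Intermediate CA" root "$p_dir/ca.ext" &&
    issue "$p_dir" leaf "/CN=mail.example.test" intermediate "$p_dir/leaf.ext"
}

# chain_verifies ROOT LEAF [INTERMEDIATES]
# ROOT is the client's trust store; INTERMEDIATES stands for whatever extra
# certificates the server sent along with its own. Returns 0 if the chain builds.
chain_verifies() {
    v_root=$1; v_leaf=$2; v_inter=${3:-}
    if [ -n "$v_inter" ]; then
        openssl verify -CAfile "$v_root" -untrusted "$v_inter" "$v_leaf" >/dev/null 2>&1
    else
        openssl verify -CAfile "$v_root" "$v_leaf" >/dev/null 2>&1
    fi
}

# served_cert_count HOST:PORT: how many certificates a live TLS server presents.
# A result of 1 means the server sends only its own cert and no intermediates.
served_cert_count() {
    openssl s_client -connect "$1" -showcerts </dev/null 2>/dev/null |
        grep -c 'BEGIN CERTIFICATE'
}

# Usage: d=$(mktemp -d); build_demo_pki "$d"
#        chain_verifies "$d/root.pem" "$d/leaf.pem" || echo "no intermediate: chain fails"
```

Against a real server, `served_cert_count mail.example.test:993` (hostname is a placeholder) shows whether the intermediate is actually being sent after the configuration change.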


