intermediate certificates
Holger Mauermann
holger at mauermann.org
Wed Jan 19 14:08:42 EST 2011
Am 19.01.2011 19:07, schrieb Marcus Schopen:
> I've to build a new SSL certificate for my cyrus 2.2.13. I'm using a
> Thawte SSL123 certificate. Since the CAs changed to intermediate
> certificates, I'd like to be sure to do the right steps for an update
> and not running into problems with imaps and pop3s clients:
>
> 1. modify /etc/imapd.conf. Using tls_ca_file for the intermediate
> certificate file:
>
> tls_cert_file: /etc/mail/tls/mx.myserver.de.thawte.crt
> tls_key_file: /etc/mail/tls/mx.myserver.de.thawte.key
> tls_ca_file: /etc/ssl/certs/SSL123_CA_Bundle.pem
> tls_ca_path: /etc/ssl/certs
>
> I've found a howto on the thawte.nl website
>
> http://www.thawte.nl/fr/support/manuals/cyrus/cyrus+imap+server/install
> +certificate/
>
> which puts private key, certification and the intermediate certificate
> file in one .pem file and uses this combined file for tls_cert_file,
> tls_key_file and tls_ca_file. Good way?
cat mx.myserver.de.thawte.crt SSL123_CA_Bundle.pem > myserver_bundle.crt
and add it to /etc/imapd.conf:
tls_cert_file: /etc/mail/tls/myserver_bundle.crt
tls_key_file: /etc/mail/tls/mx.myserver.de.thawte.key
For simple TLS/SSL encryption w/o client certificates the tls_ca_* options
are not needed.
Holger
More information about the Info-cyrus
mailing list