SSL/TLS question

Joe Rhett jrhett at
Wed Jan 14 19:05:36 EST 2004

On Mon, Jan 12, 2004 at 07:25:33PM -0800, Wil Cooley wrote:
> [Sorry this is a repost from a month ago; I didn't get an answer then,
> but maybe my timing is better now.]
> For my web server, I use a certificate from Comodo which is very
> inexpensive by comparison with Thawte/Verisign certs, but it requires
> installation of an intermediary key for most browsers to be happy with
> it.  It's not difficult with Apache and mod_ssl; I'm wondering if it
> will work with Cyrus, perhaps using the 'tls_ca_file'?  The docs are a
> little sparse (and Comodo doesn't provide explicit instructions like it
> does for mod_ssl) and my understanding of SSL/TLS is a bit limited.
Use the exact same files for the web server as for the Cyrus mail server.
They're both using the same library.

And no, the CA file is to verify client certs.  In this case you put the
certificate and the intermediary certificate in the same file (*.cert)
You don't need a tls_ca_file unless you are verifying client certs.

Joe Rhett                                                      Chief Geek
JRhett at Isite.Net                                      Isite Services, Inc.

More information about the Info-cyrus mailing list