Problems installing ssl certificate for cyrus imap

David Carter dpc22 at cam.ac.uk
Tue Sep 27 04:57:30 EDT 2005


On Mon, 26 Sep 2005, Nicole Skyrca wrote:

> The certificate that we purchased has an intermediate certificate.

I'm afraid that this is likely to be a problem.

Cyrus (imap/tls.c) uses SSL_CTX_use_certificate_file() rather than the 
more advanced SSL_CTX_use_certificate_chain_file() to set up its 
certificate. My experience with other applications is that you need to use 
the _chain_ version in order for chained certificates to work.

Given that the two functions can be used interchangably, Cyrus should 
probably be using SSL_CTX_use_certificate_chain_file(). The SSL manual
page for the two functions certainly recommends this.

-- 
David Carter                             Email: David.Carter at ucs.cam.ac.uk
University Computing Service,            Phone: (01223) 334502
New Museums Site, Pembroke Street,       Fax:   (01223) 334679
Cambridge UK. CB2 3QH.



More information about the Info-cyrus mailing list