Problems installing ssl certificate for cyrus imap
David Carter
dpc22 at cam.ac.uk
Tue Sep 27 04:57:30 EDT 2005
On Mon, 26 Sep 2005, Nicole Skyrca wrote:
> The certificate that we purchased has an intermediate certificate.
I'm afraid that this is likely to be a problem.
Cyrus (imap/tls.c) uses SSL_CTX_use_certificate_file() rather than the
more advanced SSL_CTX_use_certificate_chain_file() to set up its
certificate. My experience with other applications is that you need to use
the _chain_ version in order for chained certificates to work.
Given that the two functions can be used interchangably, Cyrus should
probably be using SSL_CTX_use_certificate_chain_file(). The SSL manual
page for the two functions certainly recommends this.
--
David Carter Email: David.Carter at ucs.cam.ac.uk
University Computing Service, Phone: (01223) 334502
New Museums Site, Pembroke Street, Fax: (01223) 334679
Cambridge UK. CB2 3QH.
More information about the Info-cyrus
mailing list