intermediate certificates

Marcus Schopen lists at
Wed Jan 19 13:07:40 EST 2011


I've to build a new SSL certificate for my cyrus 2.2.13. I'm using a
Thawte SSL123 certificate. Since the CAs changed to intermediate
certificates, I'd like to be sure to do the right steps for an update
and not running into problems with imaps and pop3s clients:

1. modify /etc/imapd.conf. Using tls_ca_file for the intermediate
certificate file:

 tls_cert_file: /etc/mail/tls/
 tls_key_file: /etc/mail/tls/
 tls_ca_file: /etc/ssl/certs/SSL123_CA_Bundle.pem
 tls_ca_path: /etc/ssl/certs

 I've found a howto on the website

 which puts private key, certification and the intermediate certificate
file in one .pem file and uses this combined file for tls_cert_file,
tls_key_file and tls_ca_file. Good way?

2. check databases

 /usr/sbin/ctl_cyrusdb -c

3. shut down cyrus (and may be backup /var/lib/cyrus)

4. do I have to remove /var/lib/cyrus/tls_sessions.db ?

5. start cyrus again

Any comments are welcome.

System debian/lenny:

 cyrus-admin-2.2                   2.2.13-14+lenny3             
 cyrus-common-2.2                  2.2.13-14+lenny3             
 cyrus-imapd-2.2                   2.2.13-14+lenny3             
 cyrus-pop3d-2.2                   2.2.13-14+lenny3             
 libcyrus-imap-perl22              2.2.13-14+lenny3             


More information about the Info-cyrus mailing list