intermediate certificates
Marcus Schopen
lists at localguru.de
Wed Jan 19 13:07:40 EST 2011
Hi,
I've to build a new SSL certificate for my cyrus 2.2.13. I'm using a
Thawte SSL123 certificate. Since the CAs changed to intermediate
certificates, I'd like to be sure to do the right steps for an update
and not running into problems with imaps and pop3s clients:
1. modify /etc/imapd.conf. Using tls_ca_file for the intermediate
certificate file:
tls_cert_file: /etc/mail/tls/mx.myserver.de.thawte.crt
tls_key_file: /etc/mail/tls/mx.myserver.de.thawte.key
tls_ca_file: /etc/ssl/certs/SSL123_CA_Bundle.pem
tls_ca_path: /etc/ssl/certs
I've found a howto on the thawte.nl website
http://www.thawte.nl/fr/support/manuals/cyrus/cyrus+imap+server/install
+certificate/
which puts private key, certification and the intermediate certificate
file in one .pem file and uses this combined file for tls_cert_file,
tls_key_file and tls_ca_file. Good way?
2. check databases
/usr/sbin/ctl_cyrusdb -c
3. shut down cyrus (and may be backup /var/lib/cyrus)
4. do I have to remove /var/lib/cyrus/tls_sessions.db ?
5. start cyrus again
Any comments are welcome.
System debian/lenny:
cyrus-admin-2.2 2.2.13-14+lenny3
cyrus-common-2.2 2.2.13-14+lenny3
cyrus-imapd-2.2 2.2.13-14+lenny3
cyrus-pop3d-2.2 2.2.13-14+lenny3
libcyrus-imap-perl22 2.2.13-14+lenny3
Ciao,
Marcus
More information about the Info-cyrus
mailing list