intermediate certificates

Holger Mauermann holger at
Wed Jan 19 14:08:42 EST 2011

Am 19.01.2011 19:07, schrieb Marcus Schopen:
> I've to build a new SSL certificate for my cyrus 2.2.13. I'm using a
> Thawte SSL123 certificate. Since the CAs changed to intermediate
> certificates, I'd like to be sure to do the right steps for an update
> and not running into problems with imaps and pop3s clients:
> 1. modify /etc/imapd.conf. Using tls_ca_file for the intermediate
> certificate file:
>  tls_cert_file: /etc/mail/tls/
>  tls_key_file: /etc/mail/tls/
>  tls_ca_file: /etc/ssl/certs/SSL123_CA_Bundle.pem
>  tls_ca_path: /etc/ssl/certs
>  I've found a howto on the website
> +certificate/
>  which puts private key, certification and the intermediate certificate
> file in one .pem file and uses this combined file for tls_cert_file,
> tls_key_file and tls_ca_file. Good way?

cat SSL123_CA_Bundle.pem > myserver_bundle.crt

and add it to /etc/imapd.conf:

tls_cert_file: /etc/mail/tls/myserver_bundle.crt
tls_key_file: /etc/mail/tls/

For simple TLS/SSL encryption w/o client certificates the tls_ca_* options
are not needed.


More information about the Info-cyrus mailing list