Timo Sirainen wrote:> On Mon, 2003-10-27 at 15:01, Steve Gare wrote:
>
>>Just a quicky, I can't see anything about how Dovecot handles
>>certificate chains.
>>
>>1, Does it handle them?
>>2, How, if if does?
>>
>>(Just got a cert from www.instantssl.com and I need there intermediate
>>cert do validate it.., Works fine with Apache and Exim )
>
>
> Dovecot doesn't check client's certificate. It's client's
job to check
> server's certificate and check the chains. Or at least I don't
think
> there's anything special Dovecot should do with them..
I had trouble with an instantssl cert, and found that what I needed to
do was to also include all the certs up the chain, in a certain order,
to keep the client from complaining about an invalid certificate. The
first certificate in the pem file should be the the server certificate,
followed by its chain starting from the root certificate down.
Matt