dovecot - Jan 2008 - SSL certificate?

When I install an SSL certificate, I can't find a config option to set
configure the Server Certificate Chain
file...
Is this not possible or can I do it another way?
(When I connect, I am being told the Signature status is uncheckable...)


Regards,

BTJ

-- 
-----------------------------------------------------------------------------------------------
Bj?rn T Johansen

btj at havleik.no
-----------------------------------------------------------------------------------------------
Someone wrote:
"I understand that if you play a Windows CD backwards you hear strange
Satanic messages"
To which someone replied:
"It's even worse than that; play it forwards and it installs
Windows"
-----------------------------------------------------------------------------------------------

On 31.01.2008 1:27, Bj?rn T Johansen wrote:
> When I install an SSL certificate, I can't find a config option to set
configure the Server Certificate Chain
> file...
> Is this not possible or can I do it another way?
> (When I connect, I am being told the Signature status is uncheckable...)
>
>
> Regards,
>
> BTJ
>
>   
You need put all certificates in one file in correct order. Look for 
example here
http://wiki.dovecot.org/SSL/DovecotConfiguration

Bj?rn T Johansen wrote:
> When I install an SSL certificate, I can't find a config option to set
configure the Server Certificate Chain
> file...
> Is this not possible or can I do it another way?
> (When I connect, I am being told the Signature status is uncheckable...)
>
>
> Regards,
>
> BTJ
>
>   
Hi Bj?rn,

I use a CAcert certificate which uses a class 3 intermediate 
certificate. I have this configured in my dovecot.conf:

# PEM encoded X.509 SSL/TLS certificate and private key. They're opened 
before
# dropping root privileges, so keep the key file unreadable by anyone but
# root. Included doc/mkcert.sh can be used to easily generate self-signed
# certificate, just make sure to update the domains in dovecot-openssl.cnf
ssl_cert_file = /etc/pki/tls/certs/server.crt
ssl_key_file = /etc/pki/tls/certs/server.key

# If key file is password protected, give the password here. Alternatively
# give it when starting dovecot with -p parameter.
#ssl_key_password 
# File containing trusted SSL certificate authorities. Usually not needed.
# The CAfile should contain the CA-certificate(s) followed by the matching
# CRL(s). CRL checking is new in dovecot .rc1
# gives cert errors when used... 2007112vbs
ssl_ca_file = /etc/pki/tls/certs/cacert_class3.crt

So I kind of 'misused' ssl_ca_file' for it.

Egbert Jan