search for: identrust

...X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE, pathlen:0 X509v3 Key Usage: critical Digital Signature, Certificate Sign, CRL Sign Authority Information Access: OCSP - URI:http://isrg.trustid.ocsp.identrust.com CA Issuers - URI:http://apps.identrust.com/roots/dstrootcax3.p7c X509v3 Authority Key Identifier: keyid:C4:A7:B1:A4:7B:2C:71:FA:DB:E1:4B:90:75:FF:C4:15:60:85:89:10 X509v3 Certificate Policies: Policy: 2.23.140.1.2.1...

...put in > > the option tls_ca_cert_file? > > > > I tried with /etc/letsencrypt/live/my.host/chain.pem and also certs I > > got from let's encrypt website (https://letsencrypt.org/certificates/ / > > tried ISRG Root X1 (self-signed) & Let?s Encrypt Authority X3 (IdenTrust > > cross-signed) & Let?s Encrypt Authority X3 (Signed by ISRG Root X1)) > > But I always have the same error. > > > > Thanks, > > Kenny > > > > Hi! > > Can you try with 2.3.10.1? You can find packages at https://repo.dovecot.org > > Ak...

On Jun 15, 2016, at 9:02 AM, Valeri Galtsev <galtsev at kicp.uchicago.edu> wrote: > > I do see WoSign there (though I'd prefer to avoid my US located servers > have certificates signed by authority located in China, hence located sort > of behind "the great firewall of China" - call me superstitious). That?s a perfectly valid concern. The last I heard, modern

...xed, then could someone tell me what do I have to put in the option tls_ca_cert_file? I tried with /etc/letsencrypt/live/my.host/chain.pem and also certs I got from let's encrypt website (https://letsencrypt.org/certificates/ / tried ISRG Root X1 (self-signed) & Let?s Encrypt Authority X3 (IdenTrust cross-signed) & Let?s Encrypt Authority X3 (Signed by ISRG Root X1)) But I always have the same error. Thanks, Kenny My configs: - I'm on a Debian Buster with Dovecot / postfix / roundcube - dovecot -n : --- # 2.3.4.1 (f79e8e7e4): /etc/dovecot/dovecot.conf # Pigeonhole version 0.5.4 () #...

....com nor letsencrypt.org between Authorities >> certificates. > > That?s because they are not top-tier CAs. I forgot to mention that letsencrypt.com uses one of its own certificates. You can use your browser?s certificate detail view to see the chain of trust. I see two levels here: IdenTrust -> TrustID -> Let?s Encrypt. As for starttls.com, that doesn?t exist; you?re probably confusing it with the SMTP STARTTLS protocol extension. What you mean is startssl.com, which is the main public face of StartCom. StartCom is a top-tier CA.

...ell me what do I have to put in > the option tls_ca_cert_file? > > I tried with /etc/letsencrypt/live/my.host/chain.pem and also certs I > got from let's encrypt website (https://letsencrypt.org/certificates/ / > tried ISRG Root X1 (self-signed) & Let?s Encrypt Authority X3 (IdenTrust > cross-signed) & Let?s Encrypt Authority X3 (Signed by ISRG Root X1)) > But I always have the same error. > > Thanks, > Kenny > Hi! Can you try with 2.3.10.1? You can find packages at https://repo.dovecot.org Aki

...uthorities >>> certificates. >> >> That???s because they are not top-tier CAs. > > I forgot to mention that letsencrypt.com uses one of its own certificates. > You can use your browser???s certificate detail view to see the chain of > trust. I see two levels here: IdenTrust -> TrustID -> Let???s Encrypt. Thanks, that means no need to install CA. There is always someone (Thanks, Warren!) who looked deeper into things, and can explain them. The only thing here is: I need to look deeper myself how the identity of the server is ensured in this case (i.e. whether ti...

...;> the option tls_ca_cert_file? >>> >>> I tried with /etc/letsencrypt/live/my.host/chain.pem and also certs I >>> got from let's encrypt website (https://letsencrypt.org/certificates/ / >>> tried ISRG Root X1 (self-signed) & Let?s Encrypt Authority X3 (IdenTrust >>> cross-signed) & Let?s Encrypt Authority X3 (Signed by ISRG Root X1)) >>> But I always have the same error. >>> >>> Thanks, >>> Kenny >>> >> Hi! >> >> Can you try with 2.3.10.1? You can find packages at https://repo.dove...