Am 19.01.2011 19:07, schrieb Marcus Schopen: > I've to build a new SSL certificate for my cyrus 2.2.13. I'm using a > Thawte SSL123 certificate. Since the CAs changed to intermediate > certificates, I'd like to be sure to do the right steps for an update > and not running into problems with imaps and pop3s clients: > > 1. modify /etc/imapd.conf. Using tls_ca_file for the intermediate > certificate file: > > tls_cert_file: /etc/mail/tls/mx.myserver.de.thawte.crt > tls_key_file: /etc/mail/tls/mx.myserver.de.thawte.key > tls_ca_file: /etc/ssl/certs/SSL123_CA_Bundle.pem > tls_ca_path: /etc/ssl/certs > > I've found a howto on the thawte.nl website > > http://www.thawte.nl/fr/support/manuals/cyrus/cyrus+imap+server/install > +certificate/ > > which puts private key, certification and the intermediate certificate > file in one .pem file and uses this combined file for tls_cert_file, > tls_key_file and tls_ca_file. Good way? cat mx.myserver.de.thawte.crt SSL123_CA_Bundle.pem > myserver_bundle.crt and add it to /etc/imapd.conf: tls_cert_file: /etc/mail/tls/myserver_bundle.crt tls_key_file: /etc/mail/tls/mx.myserver.de.thawte.key For simple TLS/SSL encryption w/o client certificates the tls_ca_* options are not needed. Holger ---- Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
