Re: intermediate certificates

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Am 19.01.2011 19:07, schrieb Marcus Schopen:
> I've to build a new SSL certificate for my cyrus 2.2.13. I'm using a
> Thawte SSL123 certificate. Since the CAs changed to intermediate
> certificates, I'd like to be sure to do the right steps for an update
> and not running into problems with imaps and pop3s clients:
> 
> 1. modify /etc/imapd.conf. Using tls_ca_file for the intermediate
> certificate file:
> 
>  tls_cert_file: /etc/mail/tls/mx.myserver.de.thawte.crt
>  tls_key_file: /etc/mail/tls/mx.myserver.de.thawte.key
>  tls_ca_file: /etc/ssl/certs/SSL123_CA_Bundle.pem
>  tls_ca_path: /etc/ssl/certs
> 
>  I've found a howto on the thawte.nl website
> 
>  http://www.thawte.nl/fr/support/manuals/cyrus/cyrus+imap+server/install
> +certificate/
> 
>  which puts private key, certification and the intermediate certificate
> file in one .pem file and uses this combined file for tls_cert_file,
> tls_key_file and tls_ca_file. Good way?

cat mx.myserver.de.thawte.crt SSL123_CA_Bundle.pem > myserver_bundle.crt

and add it to /etc/imapd.conf:

tls_cert_file: /etc/mail/tls/myserver_bundle.crt
tls_key_file: /etc/mail/tls/mx.myserver.de.thawte.key

For simple TLS/SSL encryption w/o client certificates the tls_ca_* options
are not needed.

Holger
----
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/


[Index of Archives]     [Cyrus SASL]     [Squirrel Mail]     [Asterisk PBX]     [Video For Linux]     [Photo]     [Yosemite News]     [gtk]     [KDE]     [Gimp on Windows]     [Steve's Art]

  Powered by Linux