On Sun, Oct 04, 2015 at 07:58:42AM -0400, Yan Seiner wrote: > >I have a certificate from PositiveSSL for my email server. I have the > >root certificate and the intermediate certs installed in /etc/ssl/certs/. man c_rehash > >However, I still cannot verify my certificate. I can't figure out what I > >have done wrong. I've been wrestling with this for a long time, and I am > >out of ideas. > > > >I am not that familiar with ssl certs - they usually "just work". This > >one, however, is kicking my butt. > Never mind. I tried one more thing and it worked. > > I concatenated my cert onto the bundle and used that. > > cat mail_seiner_com.pem PositiveSSL.pem > mail_seiner_com_bundle.pem > > I'm not sure why neither exim4 nor dovecot would accept my cert and then a > ca cert but rather wanted them all in one bundle. > > It now validates correctly. > > yan at yan-ThinkPad-W530:~$ openssl s_client -connect mail.seiner.com:587 > -starttls smtp -CApath /etc/ssl/certs It is also possible that your MSA does not load "missing" certificates from the default store. -- Viktor.
