Re: Cyrus21 does not work corectly with SSL
On Mo, 14.02.2005, 21:58, Nicolas Ledez wrote:
> Hello, I have a Cyrus21 installation (Sarge). When I'm connect to cyrus
> first time (after cyrus start) :
>
> nico@my_host:~$ openssl s_client -connect my_host.my_domain.com:imaps
> CONNECTED(00000004)
> depth=1 /C=MY/ST=France/L=SmallTown/O=Toto/OU=Certification Services
> Division/CN=Toto Root CA/emailAddress=toto@bidon.com
> verify error:num=19:self signed certificate in certificate chain
> verify return:0
'Toto Root CA' seems to be a self signed certificate instead of an
undependent certificate as your root certificate. You don't have to
self sign a root certificate.
> ---
> Certificate chain
> 0 s:/C=MY/ST=France/L=SmallTown/O=Toto/OU=Secure Imap
> Server/CN=imap.winch.my/emailAddress=toto@bidon.com
> i:/C=MY/ST=France/L=SmallTown/O=Toto/OU=Certification Services
> Division/CN=Toto Root CA/emailAddress=toto@bidon.com
> 1 s:/C=MY/ST=France/L=SmallTown/O=Toto/OU=Certification Services
> Division/CN=Toto Root CA/emailAddress=toto@bidon.com
> i:/C=MY/ST=France/L=SmallTown/O=Toto/OU=Certification Services
> Division/CN=Toto Root CA/emailAddress=toto@bidon.com
As I understood your chain you only should sign 'imap.winch.my' with
'Toto Root CA'. Then your chain would look like something
---
Certificate chain
0 s:... /CN=imap.winch.my ...
i:... /CN=Toto Root CA ...
---
with s = signed and i = issuer.
Christian
Reply to: