
Re: Cyrus21 does not work correctly with SSL



On Mo, 14.02.2005, 21:58, Nicolas Ledez wrote:
> Hello, I have a Cyrus21 installation (Sarge). When I connect to Cyrus
> for the first time (after Cyrus start):
>
> nico@my_host:~$ openssl s_client -connect my_host.my_domain.com:imaps
> CONNECTED(00000004)
> depth=1 /C=MY/ST=France/L=SmallTown/O=Toto/OU=Certification Services
> Division/CN=Toto Root CA/emailAddress=toto@bidon.com
> verify error:num=19:self signed certificate in certificate chain
> verify return:0

'Toto Root CA' seems to be a self-signed certificate instead of an
independent certificate as your root certificate. You don't have to
self-sign a root certificate.


> ---
> Certificate chain
>  0 s:/C=MY/ST=France/L=SmallTown/O=Toto/OU=Secure Imap
> Server/CN=imap.winch.my/emailAddress=toto@bidon.com
>    i:/C=MY/ST=France/L=SmallTown/O=Toto/OU=Certification Services
> Division/CN=Toto Root CA/emailAddress=toto@bidon.com
>  1 s:/C=MY/ST=France/L=SmallTown/O=Toto/OU=Certification Services
> Division/CN=Toto Root CA/emailAddress=toto@bidon.com
>    i:/C=MY/ST=France/L=SmallTown/O=Toto/OU=Certification Services
> Division/CN=Toto Root CA/emailAddress=toto@bidon.com

As I understood your chain, you should only sign 'imap.winch.my' with
'Toto Root CA'. Then your chain would look something like

---
Certificate chain
0 s:... /CN=imap.winch.my ...
  i:... /CN=Toto Root CA ...
---

with s = signed and i = issuer.


Christian
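
To read a chain listing like the one in this thread mechanically, the following added example (not part of either message) parses the `Certificate chain` block of `openssl s_client` output, tolerating mail quote markers and wrapped lines, and labels each entry by comparing its `s:` (subject) and `i:` (issuer) names. The function names `parse_chain`, `cn` and `describe` are chosen for this example; the sample input is the listing quoted above.

```python
import re

# Listing as quoted in the message above; mail quote markers and wraps kept.
QUOTED = """\
> Certificate chain
>  0 s:/C=MY/ST=France/L=SmallTown/O=Toto/OU=Secure Imap
> Server/CN=imap.winch.my/emailAddress=toto@bidon.com
>    i:/C=MY/ST=France/L=SmallTown/O=Toto/OU=Certification Services
> Division/CN=Toto Root CA/emailAddress=toto@bidon.com
>  1 s:/C=MY/ST=France/L=SmallTown/O=Toto/OU=Certification Services
> Division/CN=Toto Root CA/emailAddress=toto@bidon.com
>    i:/C=MY/ST=France/L=SmallTown/O=Toto/OU=Certification Services
> Division/CN=Toto Root CA/emailAddress=toto@bidon.com
"""

SUBJECT = re.compile(r"^(\d+)\s+s:(.*)$")   # "0 s:<subject name>"
ISSUER = re.compile(r"^i:(.*)$")            # "  i:<issuer name>"

def parse_chain(text):
    """Return [{'depth', 'subject', 'issuer'}, ...] from a chain listing."""
    chain, field = [], None
    for raw in text.splitlines():
        line = re.sub(r"^(>\s?)+", "", raw).strip()  # drop mail quote markers
        if line in ("", "---", "Certificate chain"):
            continue
        if m := SUBJECT.match(line):
            chain.append({"depth": int(m.group(1)), "subject": m.group(2), "issuer": ""})
            field = "subject"
        elif chain and (m := ISSUER.match(line)):
            chain[-1]["issuer"] = m.group(1)
            field = "issuer"
        elif chain:
            chain[-1][field] += " " + line  # wrapped continuation of previous name
    return chain

def cn(dn):
    m = re.search(r"/CN=([^/]+)", dn)
    return m.group(1) if m else dn

def describe(chain):
    """Label entries by name comparison only; no signature is checked here."""
    out = []
    for pos, cert in enumerate(chain):
        nxt = chain[pos + 1]["subject"] if pos + 1 < len(chain) else None
        kind = ("self-issued" if cert["subject"] == cert["issuer"]
                else "issuer is next entry" if cert["issuer"] == nxt
                else "issuer not in listing")
        out.append((cert["depth"], cn(cert["subject"]), cn(cert["issuer"]), kind))
    return out
```

Call `describe(parse_chain(text))` on saved `s_client` output; each tuple is (depth, subject CN, issuer CN, label).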