[prev in list] [next in list] [prev in thread] [next in thread]
List: imap
Subject: Re: [Imap-use] Help -- Does UW imap support wildcard cert ?
From: Mark Crispin <mrc () cac ! washington ! edu>
Date: 2007-05-12 3:55:46
Message-ID: alpine.OSX.0.99.0705112051500.11568 () pangtzu ! panda ! com
[Download RAW message or body]
The fact that you got this message indicates that you installed the
certificate correctly in UW imapd. The problem is with the certificate
chain in your certificate file, and has nothing to do with UW imapd.
I suggest that you contain your CA company for more assistance in getting
your certificate file set up correctly. Since they provided you with an
intermediate certificate file, they should be able to tell you how to use
it.
On Thu, 10 May 2007, Snopy Land wrote:
> Yes, my setting is using the OpenSSL default. I can use ssl without problem
> (not using wildcard cert).
> My make command is :
> make bsf PASSWDTYPE=pam SSLTYPE=unix \
>
> Sorry for my bad english. The meaning of "I cannot enable the wildcard cert"
> is "I cannot use wildcard cert in UW imap".
> Because after I have changed the .pem file and restart the inetd, I get the
> following error message in the outlook express.
>
> -------------------------------------------
> The server you are connected is using a security certificate that could not
> be verified.
> A certificated chain is processed, but terminated in a root certificate
> which is not trusted by the trust provider
> Do you want to contiue using this server?
> ------------------------------------------
>
> So I wonder the procedures for using the wildcard cert is different. It may
> need some CA files, but I cannot get information in the web site.
>
> Any idea?
>
> Thanks
>
>
>
>
> On 5/10/07, Mark Crispin <mrc@cac.washington.edu> wrote:
>>
>> I have no idea what you mean by "I cannot enable the wildcard cert".
>>
>> Are you certain that /usr/local/ssl/certs is the correct location for
>> certificates on your system? That is the OpenSSL default, but many
>> operating systems move it to some other location. What "make" command did
>> you use when building the IMAP software?
>>
>> On Wed, 9 May 2007, Snopy Land wrote:
>>
>> > Mark,
>> >
>> > Thanks for your reply.
>> >
>> > I have enabled the ssl certifificate without having any problem. But I
>> > cannot enable the wildcard cert (i.e. CN=*.example.com) successfully.
>> Below
>> > is my procedure to enable the wild card cert (actually same as to
>> install
>> > ssl cert )
>> >
>> > 1. create a .pem file which contains private key and crt file
>> > 2. place the .pem file under /usr/local/ssl/certs
>> >
>> > Is it also require an intermediate cert file? I bought the cert from CA
>> > company and it include the intermediate cert file and a primary cert
>> file.
>> >
>> > Besides, I need to install the wildcard cert in apache, I find that the
>> > intermediate cert file is required for the wildcard cert case.
>> >
>> > Any idea ?
>> >
>> > Thanks
>> >
>> >
>> > On 5/8/07, Mark Crispin <mrc@cac.washington.edu> wrote:
>> >>
>> >> > On Tue, 8 May 2007, Snopy Land wrote:
>> >> > Anyone know whether UW imap support wildcard cert ? If yes, how can
>> I
>> >> > enable it ?
>> >>
>> >> If by "wildcard cert" you mean an SSL/TLS certificate with a "*" in the
>> CN
>> >> or altname e.g., CN=*.example.com to be valid for any example.com site,
>> >> the answer is "yes".
>> >>
>> >> There is nothing special that you need to do to enable it.
>>
>> -- Mark --
>>
>> http://panda.com/mrc
>> Democracy is two wolves and a sheep deciding what to eat for lunch.
>> Liberty is a well-armed sheep contesting the vote.
>>
>
-- Mark --
http://panda.com/mrc
Democracy is two wolves and a sheep deciding what to eat for lunch.
Liberty is a well-armed sheep contesting the vote.
_______________________________________________
Imap-use mailing list
Imap-use@u.washington.edu
https://mailman1.u.washington.edu/mailman/listinfo/imap-use
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic