We are running perdition processes as a frontend to Exchange imap4s and
pop3s connectors. Everything works just fine except that the clients are
not sent the certificate chain during the SSL handshake.

Some background:

Our certificates www.articgroup.se and mail.arcticgroup.se are signed with
the same certificate chain by GlobalSign, root and intermediate. Both the
Apache and the Perdition setup use the same references and the same
ca-chain file. But when testing using openssl s_client and the GlobalSign
root certificate as CAfile, only connections to Apache work;
connecting to perdition returns error 21 (unable to verify the first
certificate). Looking at the debug output from s_client shows that
Apache sends the ca chainfile as expected but only the server certificate
is sent by perdition.

For normal mail clients this is not a problem, as it's simple to install
the intermediate certificate, but this is not possible on some mobile phones
and some are not even able to accept the server without the correct chain
without crashing.

Any hints where to look?

Cheers,
Göran L
................................................... the future isMobile
Goran Lowkrantz <goran.lowkrantz(a)ismobile.com>
System Architect, iaMobile AB
Sandviksgatan 81, PO Box 58, S-971 03 Luleå, Sweden
Mobile: +46(0)70-587 87 82
http://www.ismobile.com ...............................................
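
Added example, not part of the original post: a shell helper that reads `openssl s_client` output, lists the certificates the server actually sent, and checks whether they link up to a given root, which is the difference described above between the Apache and perdition endpoints. The function names are hypothetical, and the sample outputs and every DN in them are constructed.

```shell
#!/bin/sh
# chain_sent: parse `openssl s_client` output on stdin and print one
# "depth|subject|issuer" line per certificate the server actually sent.
chain_sent() {
    awk '
        /^Certificate chain/ { in_chain = 1; next }
        in_chain && /^---/   { in_chain = 0 }
        in_chain && /^ *[0-9]+ s:/ { depth = $1; sub(/^ *[0-9]+ s:/, ""); subject = $0; next }
        in_chain && /^ +i:/  { sub(/^ +i:/, ""); print depth "|" subject "|" $0 }
    '
}

# chain_reaches_root ROOT_DN: succeed only if each sent certificate is issued
# by the next one and the last is issued by (or is) ROOT_DN, i.e. a client
# that holds nothing but that root can build the path from what was sent.
chain_reaches_root() {
    chain_sent | awk -F'|' -v root="$1" '
        NR > 1 && $2 != prev_issuer { broken = 1 }
        { prev_issuer = $3; last_subject = $2 }
        END { if (NR == 0 || broken) exit 1
              exit !(prev_issuer == root || last_subject == root) }
    '
}

# Constructed sample: server sends leaf + intermediate.
full_chain_sample() {
cat <<'EOF'
CONNECTED(00000003)
---
Certificate chain
 0 s:/C=SE/O=Example AB/CN=mail.example.test
   i:/C=BE/O=Example CA/CN=Example Intermediate CA
 1 s:/C=BE/O=Example CA/CN=Example Intermediate CA
   i:/C=BE/O=Example CA/CN=Example Root CA
---
EOF
}

# Constructed sample: server sends only its own certificate.
leaf_only_sample() {
cat <<'EOF'
---
Certificate chain
 0 s:/C=SE/O=Example AB/CN=mail.example.test
   i:/C=BE/O=Example CA/CN=Example Intermediate CA
---
EOF
}

ROOT='/C=BE/O=Example CA/CN=Example Root CA'   # constructed root DN
full_chain_sample | chain_reaches_root "$ROOT" && echo "full chain: path to root"
leaf_only_sample  | chain_reaches_root "$ROOT" || echo "leaf only: intermediate missing"
```

Against a live service, pipe the real `openssl s_client` output into `chain_reaches_root` with the root's subject DN written exactly as that OpenSSL version prints it.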