OK, found how to do it.
It works a expected if the file referred by ssl_cert_file is the full cert
chain i.e. starting with the server certificate, followed by intermediate
ca:s ending in the root ca.
/glz
--On January 16, 2008 4:40:57 PM +0100 Goran Lowkrantz
<goran.lowkrantz(a)ismobile.com> wrote:
We are running perdition processes as a frontend to
Exchange imap4s and
pop3s connectors. Everything works just fine expect that the clients are
not sent the certificate chain during the SSL handshake.
Some background:
Our certificates
www.articgroup.se and mail.arcticgroup.se are signed
with the same certificate chain by GlobalSign, root and intermediate.
Both the Apache and the Perdition setup use the same references and the
same ca-chain file. But when testing using openssl s_client and the
GlobalSign root certificate as CAfile, only connections to the apache
works, connecting to perdition returns error 21 (unable to verify the
first certificate). Looking at the debug output from s_client show that
the apache sends the ca chainfile as expected but only the server
certificate is sent by perdition.
For normal mail clients this is not a problem, as it's simple to install
the intermediate certificate but this is not possible on some mobile
phones and some are not even able to accept the server without correct
chain without crashing.
Any hints where to look?
Cheers,
Göran L
................................................... the future isMobile
Goran Lowkrantz <goran.lowkrantz(a)ismobile.com>
System Architect, iaMobile AB
Sandviksgatan 81, PO Box 58, S-971 03 Luleå, Sweden
Mobile: +46(0)70-587 87 82
http://www.ismobile.com ...............................................
______________________________________________
Perdition-users mailing list
Perdition-users(a)vergenet.net
http://lists.vergenet.net/listinfo/perdition-users
................................................... the future isMobile
Goran Lowkrantz <goran.lowkrantz(a)ismobile.com>
System Architect, iaMobile AB
Sandviksgatan 81, PO Box 58, S-971 03 Luleå, Sweden
Mobile: +46(0)70-587 87 82
http://www.ismobile.com ...............................................