17 Jan 2008 13:17
Re: No ca chain sent to client
Goran Lowkrantz <goran.lowkrantz <at> ismobile.com>
2008-01-17 12:17:49 GMT
2008-01-17 12:17:49 GMT
OK, found how to do it. It works a expected if the file referred by ssl_cert_file is the full cert chain i.e. starting with the server certificate, followed by intermediate ca:s ending in the root ca. /glz --On January 16, 2008 4:40:57 PM +0100 Goran Lowkrantz <goran.lowkrantz <at> ismobile.com> wrote: > We are running perdition processes as a frontend to Exchange imap4s and > pop3s connectors. Everything works just fine expect that the clients are > not sent the certificate chain during the SSL handshake. > > Some background: > > Our certificates www.articgroup.se and mail.arcticgroup.se are signed > with the same certificate chain by GlobalSign, root and intermediate. > Both the Apache and the Perdition setup use the same references and the > same ca-chain file. But when testing using openssl s_client and the > GlobalSign root certificate as CAfile, only connections to the apache > works, connecting to perdition returns error 21 (unable to verify the > first certificate). Looking at the debug output from s_client show that > the apache sends the ca chainfile as expected but only the server > certificate is sent by perdition. > > For normal mail clients this is not a problem, as it's simple to install > the intermediate certificate but this is not possible on some mobile > phones and some are not even able to accept the server without correct > chain without crashing. > > Any hints where to look? > > Cheers, > Göran L > > ................................................... the future isMobile > > Goran Lowkrantz <goran.lowkrantz <at> ismobile.com> > System Architect, iaMobile AB > Sandviksgatan 81, PO Box 58, S-971 03 Luleå, Sweden > Mobile: +46(0)70-587 87 82 > http://www.ismobile.com ............................................... > ______________________________________________ > Perdition-users mailing list > Perdition-users <at> vergenet.net > http://lists.vergenet.net/listinfo/perdition-users ................................................... the future isMobile Goran Lowkrantz <goran.lowkrantz <at> ismobile.com> System Architect, iaMobile AB Sandviksgatan 81, PO Box 58, S-971 03 Luleå, Sweden Mobile: +46(0)70-587 87 82 http://www.ismobile.com ............................................... ______________________________________________ Perdition-users mailing list Perdition-users <at> vergenet.net http://lists.vergenet.net/listinfo/perdition-users
RSS Feed