[ale] SSL Certificates
Jeremy T. Bouse
jeremy.bouse at UnderGrid.net
Thu Sep 20 17:05:32 EDT 2012
On 20.09.2012 16:53, Ben Coleman wrote:
> On 9/20/2012 16:41, Jeremy T. Bouse wrote:
>> If you're having to put intermediate certificates in your browser or
>> email client then you're doing it wrong... The intermediate certificate
>> is only needed on the server listed as the CA certificate as the root CA
>> certificate is already installed in your browser.
>
> So, I'm probably doing it wrong. When you're installing your
> certificate in Apache or Dovecot, do you typically include the
> intermediate in the same text file as your certificate, or is there
> typically some other way of including it?
>
> Ben

On a Debian-based system (includes Ubuntu and other derivatives):

I install the certificate under /etc/ssl/certs/ and the certificate's
key under /etc/ssl/private/. I then place the intermediate CA under
/usr/local/share/ca-certificates/ and run update-ca-certificates.

For Apache I then set SSLCertificateFile to the certificate,
SSLCertificateKeyFile to the cert's key and SSLCACertificatePath to
/etc/ssl/certs/.

For Dovecot in the 10-ssl.conf I set ssl_cert and ssl_key as I do for
Apache and then set ssl_ca to /etc/ssl/certs/ca-certificates.crt which
is managed via the update-ca-certificates script.

If you want to validate, you can try hitting https://webmail.undergrid.net/
which is an Apache2 instance set up with a StartCom SSL certificate. You
can also verify Dovecot via
'openssl s_client -connect imap.undergrid.net:143 -starttls imap -CApath /etc/ssl/certs'.