Root Certificate Error

  • #360767
    lakecoder
    Participant

    Howdy,

    Following the “Big SSL” article over a year ago, I bought a 1 year cert from qualityssl.com of the form secure.mydomain.com and this all works fine with Apache. I also used it to enable secure mail access. I remember doing *something* to add to the client keychains so that mail clients would no longer cry about “no root certificate for this server” type errors.

    I recently renewed my 1 year cert, and now the mail clients are crying again when attempting to connect via ssl. The email clients are set to this same domain (secure.mydomain.com) as their incoming mail server address.

    Can anyone remind me what needs to be done to appease the mail clients?

    Thanks!

    Dave

    #360785
    lakecoder
    Participant

    macshome wrote: sudo certtool i yourcert.crt v k=/System/Library/Keychains/x509Anchors

    I had previously tried that and received a response:

    …certificate successfully imported.

    But no change – both Apple Mail & Entourage still complain of ‘no root certificate’

    Dave

    #360899
    Anonymous
    Guest

    You need to make /etc/imapd.conf reference your cert, your key, and the CA cert from your issuing company:

    tls_ca_file: /etc/certs/mydomain.com/ComodoSecurityServicesCA.crt
    tls_cert_file: /etc/certs/mydomain.com/server.crt
    tls_key_file: /etc/certs/mydomain.com/server.key

    Same goes with /etc/postfix/main.cf:

    smtpd_tls_CAfile = /etc/certs/mydomain.com/ComodoSecurityServicesCA.crt
    smtpd_tls_cert_file = /etc/certs/mydomain.com/server.crt
    smtpd_tls_key_file = /etc/certs/mydomain.com/server.key
    smtp_tls_CAfile = /etc/certs/mydomain.com/ComodoSecurityServicesCA.crt
    smtp_tls_cert_file = /etc/certs/mydomain.com/server.crt
    smtp_tls_key_file = /etc/certs/mydomain.com/server.key
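
A configuration audit for the settings named in the post above, added here as an example and not code from the thread or from Cyrus or Postfix: it flags an unset CA, certificate or key file and any path that differs between imapd.conf and main.cf. The sample config text and the `server-old.crt` file name are constructed, and the script reads config text only; it does not validate the certificates themselves.

```python
# Added example (not from the thread): role -> server-side setting named above.
IMAPD = {"ca": "tls_ca_file", "cert": "tls_cert_file", "key": "tls_key_file"}
POSTFIX = {"ca": "smtpd_tls_CAfile", "cert": "smtpd_tls_cert_file",
           "key": "smtpd_tls_key_file"}


def parse(text, sep, folded=False):
    # Return {name: value} from 'name<sep>value' lines, skipping '#' comments.
    # folded=True: an indented line continues the previous setting (main.cf).
    settings, last = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if folded and last and raw[0].isspace():
            settings[last] = f"{settings[last]} {raw.strip()}".strip()
            continue
        name, found, value = raw.partition(sep)
        if found:
            last = name.strip()
            settings[last] = value.strip()
    return settings


def audit(imapd_text, postfix_text):
    """List unset TLS file settings and paths that differ between services."""
    imapd = parse(imapd_text, ":")
    postfix = parse(postfix_text, "=", folded=True)
    findings = []
    for role in ("ca", "cert", "key"):
        a, b = imapd.get(IMAPD[role]), postfix.get(POSTFIX[role])
        if not a:
            findings.append(f"imapd.conf: {IMAPD[role]} is not set")
        if not b:
            findings.append(f"main.cf: {POSTFIX[role]} is not set")
        if a and b and a != b:
            findings.append(f"{role} file differs: imapd={a} postfix={b}")
    return findings


# Constructed sample: imapd.conf lacks the CA file, and main.cf points at a
# differently named certificate (server-old.crt is a made-up name).
SAMPLE_IMAPD = """# Cyrus
tls_cert_file: /etc/certs/mydomain.com/server.crt
tls_key_file: /etc/certs/mydomain.com/server.key
"""
SAMPLE_POSTFIX = """smtpd_tls_CAfile = /etc/certs/mydomain.com/ComodoSecurityServicesCA.crt
smtpd_tls_cert_file = /etc/certs/mydomain.com/server-old.crt
smtpd_tls_key_file = /etc/certs/mydomain.com/server.key
"""

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_IMAPD, SAMPLE_POSTFIX)))
```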
