Topic: [Correction Proposal] dovecot SSL: Incomplete certificate chain

CWPpro version: 0.9.8.699

The default setup of dovecot SSL is incomplete and will cause issues with some devices/software when verifying the SSL connection/certificate.

To reproduce:
  • Set the correct hostname of the server and get a free SSL (/admin/index.php?module=change_hostname)
  • Rebuild the mail server with the correct certificate (/admin/index.php?module=postfix_manager)
  • Check your config at https://www.sslshopper.com/ssl-checker.html. Insert hostname:995 and have a look
It will show you a broken certificate chain.

To correct this, open dovecot config file at /etc/dovecot/dovecot.conf and go to the line
Code:
ssl_cert = </etc/pki/tls/certs/hostname.crt
and correct it:
Code:
ssl_cert = </etc/pki/tls/certs/hostname.bundle
Then restart dovecot running the command
Code:
systemctl restart dovecot
« Last Edit: July 30, 2018, 04:29:36 PM by Felix »
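
An offline way to see the difference between the two ssl_cert files, as an added example that is not part of the original post: it builds a constructed root, intermediate and leaf with openssl, then checks whether a client that trusts only the root can verify each file. The certificate subjects, the temp directory layout and the helper functions chain_ok, make_demo_chain and report are assumptions for illustration.

```shell
# Constructed example: a throwaway root -> intermediate -> leaf chain, used to compare
# hostname.crt with hostname.bundle. Subjects and paths are illustrative assumptions.

# chain_ok FILE ROOT: succeeds only if the first certificate in FILE (the leaf)
# verifies up to ROOT using nothing but the other certificates in FILE,
# which is what a client has to work with when the server sends FILE as ssl_cert.
chain_ok() {
    openssl verify -CAfile "$2" -untrusted "$1" "$1" >/dev/null 2>&1
}

# make_demo_chain DIR: builds the constructed PKI plus both candidate files in DIR.
make_demo_chain() {
    d=$1
    cat > "$d/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
    # Self-signed root: the only certificate the client trusts in advance.
    openssl req -x509 -config "$d/ca.cnf" -newkey rsa:2048 -nodes -days 2 \
        -subj "/CN=Constructed Root" -keyout "$d/root.key" -out "$d/root.crt" 2>/dev/null
    # Intermediate CA, signed by the root.
    openssl req -config "$d/ca.cnf" -newkey rsa:2048 -nodes \
        -subj "/CN=Constructed Intermediate" -keyout "$d/int.key" -out "$d/int.csr" 2>/dev/null
    openssl x509 -req -in "$d/int.csr" -CA "$d/root.crt" -CAkey "$d/root.key" -set_serial 1 \
        -extfile "$d/ca.cnf" -extensions v3_ca -days 2 -out "$d/int.crt" 2>/dev/null
    # Server (leaf) certificate, signed by the intermediate.
    openssl req -config "$d/ca.cnf" -newkey rsa:2048 -nodes \
        -subj "/CN=mail.example.test" -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/int.crt" -CAkey "$d/int.key" -set_serial 2 \
        -days 2 -out "$d/hostname.crt" 2>/dev/null
    # The bundle is the leaf followed by the intermediate, leaf first.
    cat "$d/hostname.crt" "$d/int.crt" > "$d/hostname.bundle"
}

# report FILE ROOT: prints "complete" or "incomplete" for FILE.
report() {
    if chain_ok "$1" "$2"; then echo complete; else echo incomplete; fi
}

demo=$(mktemp -d)
make_demo_chain "$demo"
echo "hostname.crt:    $(report "$demo/hostname.crt" "$demo/root.crt")"
echo "hostname.bundle: $(report "$demo/hostname.bundle" "$demo/root.crt")"
```

The same chain_ok check can be pointed at the real file named in ssl_cert together with the issuing CA's root certificate.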

Re: [Correction Proposal] dovecot SSL: Incomplete certificate chain
« Reply #1 on: September 28, 2018, 01:26:47 AM »
Thanks, fixed the issue with using POP3 through Gmail! Need that intermediate cert in the bundle.