Author Topic: Fix for "incomplete missing intermediate SSL" for mobile & other mail clients  (Read 639 times)

0 Members and 1 Guest are viewing this topic.

Offline
*
CWPpro version: 0.9.8.699

If you experience difficulty loading your email accounts on mobile devices or other mail servers it is most likely caused by the "incomplete or missing intermediate SSL error".

1. To reproduce:
1.1. Set the correct hostname of the server and get a free SSL (/admin/index.php?module=change_hostname)
1.2. Rebuild the mail server with the correct certificate (/admin/index.php?module=postfix_manager)
1.3. Check your config at https://www.sslshopper.com/ssl-checker.html. Insert "hostname:995" or "hostname:993" or "hostname:465" and have a look
- It will show you a broken certificate chain.


2. Make the following changes via terminal:


2.1. Open dovecot config file:
Code: [Select]
nano /etc/dovecot/dovecot.conf
2.2.  Search for the following line:
Code: [Select]
ssl_cert = </etc/pki/tls/certs/hostname.crt
2.3. Then change the "hostname.crt" to "hostname.bundle":
Code: [Select]
ssl_cert = </etc/pki/tls/certs/hostname.bundle
2.4. Restart dovecot:
Code: [Select]
systemctl restart dovecot
2.5. Open postfix config file:
Code: [Select]
nano /etc/postfix/main.cf
2.6. Search for the following line:
Code: [Select]
smtpd_tls_cert_file = /etc/pki/tls/certs/hostname.crt
2.7. Change "hostname.crt" to "hostname.bundle" :
Code: [Select]
smtpd_tls_cert_file = /etc/pki/tls/certs/hostname.bundle
2.8. Restart postfix:
Code: [Select]
systemctl restart postfix

3 Check if problem is fixed now

3.1 Check your config at https://www.sslshopper.com/ssl-checker.html. Insert "hostname:995" or "hostname:993" or "hostname:465" and have a look.
- The chain should be complete now.

Offline
**
Thanks for the information. Good some body here is trying to help :)