[imp] What to do about the root of our certificate chain?
Cliff Green
green at umdnj.edu
Tue Aug 8 09:38:53 PDT 2006
Cliff Green wrote:
[munch]
> You have to distinguish between imp as a client and the distal imap
> server; both need to have the imap server's cert, though obviously
> only the imap server will have it's private key (per the UW imapd
> instructions). That thread discusses what has to go on your imap
> server; the files on your Horde server will be copies of those files
> (cert and private key concatenated into one PEM file, then symlinked
> to the hash of the cert).
Sorry about that. When re-reading this, I realized that I contradicted
myself. The latter statement is correct - the pem files on your Horde
server will be copies of what you have on the imap server, containing
the imap server's private key and cert, and any certs needed to chain
back to the root cert. In the case of a self-signed cert, it's pretty
simple; in the case of a chain to a public hierarchy, that may include
one or more intermediate certs.
c
--
Cliff Green
BS&T/IST
UMDNJ
More information about the imp
mailing list