[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: TLS CA Chain Problem

Brett Maxfield schrieb:

I just got an SSL certificate issued by Comodo which doesn't work as expected with slapd. Which means I get an untrusted certificate warning in Thunderbird. Probably I just missed something.

I'll ask the question, why would the trust chain in slapd affect thunderbird?

What thunderbird considers trusted will be up to thunderbird itself, or the underlying OS.


Isn't that what the certificate chain in TLSCACertificateFile (or the corresponding directives in Apache, Postfix and so on) is good for? To build the trust chain from the issued certificate up to the trusted root certificate via intermediate certificates? If it was a problem of the underlying OS, shouldn't openssl s_client -connect localhost:<port> show exactly the same results for all services?