We have our own CA that signed this certificate. Our CA's public cert is in /etc/ssl/certs on the server. It appears that Courier is not trusting or finding the CA cert?
I've added the CA to /usr/share/ca-certificates/ and ran ~sudo dpkg-reconfigure ca-certificates~, adding it to the client. No change.
This is my conversation with Courier from a remote client:
openssl s_client -connect mail.mycompany.com:995
+OK Hello there.
USER me@mycompany.com
+OK Password required.
PASS 12345
+OK logged in.
LIST
+OK POP3 clients that break here, they violate STD53.
.
RETR
RENEGOTIATING
depth=0 /C=US/ST=State/L=My City/O=mycompany, Inc/OU=Mail Server/CN=mail.mycompany.com/emailAddress=me@mycompany.com
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 /C=US/ST=State/L=My City/O=mycompany, Inc/OU=Mail Server/CN=mail.mycompany.com/emailAddress=me@mycompany.com
verify error:num=27:certificate not trusted
verify return:1
depth=0 /C=US/ST=State/L=My City/O=mycompany, Inc/OU=Mail Server/CN=mail.mycompany.com/emailAddress=me@mycompany.com
verify error:num=21:unable to verify the first certificate
verify return:1
How do I make Courier use the cert? Or is this a client issue?
Update: Adding the CA's public cert to the .pem file (mail server key + mail server cert + CA cert) removes the previous errors, and replaces them with:
verify error:num=19:self signed certificate in certificate chain
I don't know if that's a step in the right direction or not. My understanding is that a CA's public cert is a self-signed cert, but how to get rid of the error?
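The two sets of verify errors in the post can be reproduced offline with `openssl verify`; the script below is an added example, not part of the original post. The CA and server certificate are throwaways constructed for illustration (the names are placeholders), and it assumes OpenSSL 1.1.0 or later for `-no-CAfile` and `-no-CApath`.

```shell
#!/bin/sh
# Added example: reproduces verify errors 20 and 19 with throwaway certs.
# All names and certificates below are constructed for illustration.

# Print the first verify error number openssl reports, or 0 if the chain is OK.
verify_errnum() {
    num=$(openssl verify "$@" 2>&1 |
          sed -n 's/^error \([0-9][0-9]*\) at .*/\1/p' | head -n 1)
    echo "${num:-0}"
}

# Build a private CA plus a server cert, then verify the server cert three ways.
verify_cases() {
    d=$(mktemp -d) || return 1
    (
        cd "$d" || exit 1
        # Self-signed root CA (constructed).
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
            -subj "/CN=Constructed Test CA" \
            -keyout ca.key -out ca.pem >/dev/null 2>&1
        # Server key + CSR, signed by that CA.
        openssl req -newkey rsa:2048 -nodes -subj "/CN=mail.example.test" \
            -keyout leaf.key -out leaf.csr >/dev/null 2>&1
        openssl x509 -req -in leaf.csr -CA ca.pem -CAkey ca.key \
            -CAcreateserial -days 1 -out leaf.pem >/dev/null 2>&1

        # 1. Server sends only its own cert; verifier has no copy of the CA.
        a=$(verify_errnum -no-CAfile -no-CApath leaf.pem)
        # 2. The CA cert is supplied alongside the server cert, but the
        #    verifier does not trust it: the chain ends in an untrusted root.
        b=$(verify_errnum -no-CAfile -no-CApath -untrusted ca.pem leaf.pem)
        # 3. The verifier is told to trust the CA.
        c=$(verify_errnum -no-CApath -CAfile ca.pem leaf.pem)
        echo "$a $b $c"
    )
    rc=$?
    rm -rf "$d"
    return $rc
}

verify_cases   # prints: 20 19 0
```

Error 20 becomes error 19 once the CA cert travels with the chain, and only the third case, where the verifying side is given the CA as a trust anchor, succeeds. `openssl s_client` accepts the same `-CAfile` option.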