Gedalya, Thanks for your reply, it works now, and finally I find it was the format problem, there should been a return between there cert files when cat into one single file.
On 2013-5-18 17:48, Gedalya wrote: > On 05/18/2013 05:06 AM, Bu Xiaobing wrote: >> I even cat mail.mymailserver.com.crt sub.class1.server.ca.pem >> certs/dovecot/ca.pem into one singe file, and define ssl_cert = < >> /path/to/the/singcertfile.pem, but it doesn't work too. > That should be the correct way, but I think there shouldn't be a space > after the < character. > What exactly is the error you are getting? > > You can troubleshoot with openssl s_client, this is from my server: > > $ openssl s_client -connect 192.168.xxx.xxx:143 -starttls imap -CApath > /etc/ssl/certs > CONNECTED(00000003) > depth=2 C = IL, O = StartCom Ltd., OU = Secure Digital Certificate > Signing, CN = StartCom Certification Authority > verify return:1 > depth=1 C = IL, O = StartCom Ltd., OU = Secure Digital Certificate > Signing, CN = StartCom Class 1 Primary Intermediate Server CA > verify return:1 > depth=0 description = 7t3YlXVfb6bVQ2pp, C = US, CN = mail.gedalya.net, > emailAddress = ___...@gedalya.net > verify return:1 > --- > Certificate chain > 0 > s:/description=7t3YlXVfb6bVQ2pp/C=US/CN=mail.gedalya.net/emailAddress=postmas...@gedalya.net > i:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate > Signing/CN=StartCom Class 1 Primary Intermediate Server CA > 1 s:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate > Signing/CN=StartCom Class 1 Primary Intermediate Server CA > i:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate > Signing/CN=StartCom Certification Authority > 2 s:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate > Signing/CN=StartCom Certification Authority > i:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate > Signing/CN=StartCom Certification Authority > --- >
