Applications like Dovecot and Exim require the intermediate certificates concatenated into one file along with your site’s certificate. Apache also requires the intermediate certificates in one file, too.
The Comodo Positive SSL certificate appears to be one of the cheapest available at gogetssl.com.
When you get a Comodo Positive SSL certificate you get your site certificate and three other “intermediate” certificate authority files bundled in your zip file, the three extra files are:
Filename |
Type |
Distance from Root |
AddTrustExternalCARoot.crt |
Intermediate |
0 |
COMODORSAAddTrustCA.crt |
Intermediate |
1 |
COMODORSADomainValidationSecureServerCA.crt |
Intermediate |
2 |
your_site.crt |
Site Certificate |
3 |
For Apache you need to put the three certificate authority intermediate certificates into one file in order of decreasing distance from the root.
cat COMODORSADomainValidationSecureServerCA.crt \
COMODORSAAddTrustCA.crt \
AddTrustExternalCARoot.crt \
>intermediate.crt
and then add the following to your virtual server configuration:
SSLCertificateFile /etc/apache2/ssl/gogetssl/your_site.crt
SSLCertificateKeyFile /etc/apache2/ssl/gogetssl/your_site.key
SSLCertificateChainFile /etc/apache2/ssl/gogetssl/intermediate.crt
For Dovecot/Exim you need to put all four certificates including your site certificate into one file in order of decreasing distance from the root:
cat your_site.crt \
COMODORSADomainValidationSecureServerCA.crt \
COMODORSAAddTrustCA.crt \
AddTrustExternalCARoot.crt \
>your_site.comodo+intermediate.crt
and then add the following to your exim4.conf:
tls_certificate = CONFDIR/ssl/gogetssl/your_site.comodo+intermediate.crt
tls_privatekey = CONFDIR/ssl/gogetssl/your_site.key
and in dovecot.conf:
ssl_cert = </etc/dovecot/ssl/gogetssl/your_site.comodo+intermediate.crt
ssl_key = </etc/dovecot/ssl/gogetssl/your_site.key
Recent Comments