Hi everyone, I setup ISPConfig according to the tutorial at http://www.howtoforge.com/perfect-s...sl-pureftpd-bind-postfix-doveot-and-ispconfig and secured it according to http://www.howtoforge.com/securing-...h-a-free-class1-ssl-certificate-from-startssl which went fine. Last week the certificate expired and we switched to Rapid SSL an I don't seem to get it running properly. I installed the certificates and encryption works but it seems, the intermediate certificate doesn't work properly because my mail clients complain about missing Root CA. According to the tutorial I linked the ispserver.crt and ispserver.key in /etc/postfix: smtpd.cert -> /usr/local/ispconfig/interface/ssl/ispserver.crt smtpd.key -> /usr/local/ispconfig/interface/ssl/ispserver.key and this seems to work but I think I did something wrong with the file that is referred in main.cf as smtpd_tls_CAfile. I tried to use the Rapid SSL inermediate certificate with no luck Can anyone pls help me to get this straight? Best Regards
What you described above is all that needs to be done to get a "official" ssl cert in postfix. Maybe you added a wrong CA cert in the ca file or you have to add multiple chain certidficates for rapidssl in the ca file.
Thank you for the hint. replacing the RSA SHA-1 SSL Certificates with the RSA SHA-2 SSL Certificates removed the problem with the missing Root CA but now I get: 4.7.0 TLS not available due to local problem. my mail.err shows: Nov 18 15:48:12 rohrpostix dovecot: imap-login: Error: read(anvil) failed: EOF Nov 18 15:48:12 rohrpostix dovecot: auth: Error: read(anvil-auth-penalty) failed: EOF and my email client (The Bat) returns: 4.7.0 TLS not available due to local problem This seems especially strange because apache works fine with exactly these certificate files (and passes all tests using the Rapid SSL certificate checking tool)
OK I figured it out now. The RSA SHA-2 SSL Certificates are not the right ones so I reverted back to the RSA SHA-1 Certificates. I re-read howto from Rapid SSL and there I found a link to GlobalTrust where customers can manage their certificates: https://products.geotrust.com/orders/orderinformation/authentication.do After logging in all the way down below "Additional Certificates" there is a link titled "Certificate Issuer". You must click it, copy the the certificates' content on top into the intermediate certificate from RapidSSL, restart your services and your'e done. Hope this helps anyone who has problems with Rapid SSL and Postfix / dovecot
