[Dovecot] SSL issues on separate IPs - resolved

[Tim Traver]

Timo (and others),

It turns out that we had a different set of chain and root ca certs from
godaddy than was required for the proper chain. It seemed to work for
apache, but failed for dovecot...

I really dislike godaddy...

thanks for the help,

Tim.


>> I guess I will go and make sure the chain and CA certs are the proper
>> ones from godaddy. I hate chain certs...
>
> Good plan. I had a similar problem getting fetchmail to connect to
> godaddy-cert'ed servers when the certificate chain verification failed
> because the CA root cert was not present on my client.
>
> To find it, I had to export from the Windows default certstore to get
> a copy. It did not identify itself very well, the OU was "ValiCert
> Class 2 Policy Validation Authority" but it appeared in the certmgr
> gui only as "http://www.valicert.com" (under 3rd party root certs).
> I believe the same one is in the Firefox certstore though, you can
> probably find it there.
>
>>
>> So, I guess I'm not sure if it is dovecot or not yet, although it is
>> kind of strange that nothing is written in the logs about the handshake
>> failing.
>>
>> Tim.
>>
>>