EDIT: COMO os seguintes documentos descrevem http://www.novell.com/support/kb/doc.php?id=7002392
eu concatenei esses arquivos como este domain.crt sf_bundle.crt >> domain.pem
e agora o seguinte comando openssl s_client -connect domain:465
reclama sobre verify error:num=19:self signed certificate in certificate chain
Espero que alguém possa ajudar a descobrir uma pista: D
Acabei de configurar nosso mta através do postfix que oferece IMAP e SMTP através de TLS. Durante o teste eu criei um certificado auto-assinado, mas agora, para evitar o aviso de certificado não confiável chato eu comprei um certificado barato na Godaddy; link
A questão aqui é que estou fazendo algo errado, provavelmente ao instalar o certificado baixado pelo GoDaddy, então eu ainda estou vendo o aviso.
A seguir, o processo em que me deparei:
openssl genrsa -des3 -out domain.key 1024
openssl req -new -key domain.key -out domain.csr
Fui ao GoDaddy, cole o conteúdo do arquivo CSR incluindo as tags being e ending.
Naquele momento, eu consegui baixar o certificado gerado, que era um arquivo zip, então agora eu tenho os seguintes arquivos:
sf_bundle.crt ;Chain file, on't know how should be used
domain.crt ;Provided along with sf_bundle by Godaddy
domain.csr ;Genrated by me
domain.key ;Genrated by me
Não sei como devo proceder, mas fiz o seguinte:
cat domain.crt sf_bundle.crt >> /etc/ssl/certs/domain.pem
ln -sf /path/to/domain.key /etc/ssl/private/domain.key
Mas ao testar, recebo o seguinte problema:
openssl s_client -connect imap.domain.ltd:465
CONNECTED(00000003)
depth=2 C = US, O = "Starfield Technologies, Inc.", OU = Starfield Class 2 Certification Authority
verify error:num=19:self signed certificate in certificate chain
verify return:0
---
Certificate chain
0 s:/OU=Domain Control Validated/CN=webeloping.es
i:/C=US/ST=Arizona/L=Scottsdale/O=Starfield Technologies, Inc./OU=http://certificates.starfieldtech.com/repository/CN=Starfield Secure Certification Authority/serialNumber=10688435
1 s:/C=US/ST=Arizona/L=Scottsdale/O=Starfield Technologies, Inc./OU=http://certificates.starfieldtech.com/repository/CN=Starfield Secure Certification Authority/serialNumber=10688435
i:/C=US/O=Starfield Technologies, Inc./OU=Starfield Class 2 Certification Authority
2 s:/C=US/O=Starfield Technologies, Inc./OU=Starfield Class 2 Certification Authority
i:/C=US/O=Starfield Technologies, Inc./OU=Starfield Class 2 Certification Authority
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIFcjCCBFqgAwIBAgIHKx6Jb01O+jANBgkqhkiG9w0BAQUFADCB3DELMAkGA1UE
BhMCVVMxEDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxJTAj
BgNVBAoTHFN0YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xOTA3BgNVBAsTMGh0
dHA6Ly9jZXJ0aWZpY2F0ZXMuc3RhcmZpZWxkdGVjaC5jb20vcmVwb3NpdG9yeTEx
MC8GA1UEAxMoU3RhcmZpZWxkIFNlY3VyZSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0
eTERMA8GA1UEBRMIMTA2ODg0MzUwHhcNMTMwNzEyMDc1NTA0WhcNMTQwNzExMTcz
MTAyWjA7MSEwHwYDVQQLExhEb21haW4gQ29udHJvbCBWYWxpZGF0ZWQxFjAUBgNV
BAMTDXdlYmVsb3BpbmcuZXMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQDTAHQM3SanFxSZWnxls837ySCHB/CfBJXIBoKQdYOf/N3lGt69jnNHF8X2ZmSI
TeW5Xk/wXnjruKD/EhBvAxiYZVWcp5zJGxd6VNqntiFCVTSesSnwM/X6A54vq/57
UnvrqK7ZozWnINiO/LIWxdVCUwcOmXH+fp6mVUsCbNd8Gp1HpMorhzpvBj1E/5I4
HbZjErGfrLlCYhs2cATtTcBtiUxne3CKOsT/sWd3Z2DAKsJQqd5u3Y59EEfiJmDq
xtoCkfYAhZz5FkA9mr2PQD+UKGLOGjvRDI7P8p5RR9ZG7jixdok5qq0OikCPwex4
hatfWEokBjmWcmr8QcUk1cQjAgMBAAGjggHXMIIB0zAPBgNVHRMBAf8EBTADAQEA
MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAOBgNVHQ8BAf8EBAMCBaAw
OQYDVR0fBDIwMDAuoCygKoYoaHR0cDovL2NybC5zdGFyZmllbGR0ZWNoLmNvbS9z
ZnMxLTI1LmNybDBZBgNVHSAEUjBQME4GC2CGSAGG/W4BBxcBMD8wPQYIKwYBBQUH
AgEWMWh0dHA6Ly9jZXJ0aWZpY2F0ZXMuc3RhcmZpZWxkdGVjaC5jb20vcmVwb3Np
dG9yeS8wgY0GCCsGAQUFBwEBBIGAMH4wKgYIKwYBBQUHMAGGHmh0dHA6Ly9vY3Nw
LnN0YXJmaWVsZHRlY2guY29tLzBQBggrBgEFBQcwAoZEaHR0cDovL2NlcnRpZmlj
YXRlcy5zdGFyZmllbGR0ZWNoLmNvbS9yZXBvc2l0b3J5L3NmX2ludGVybWVkaWF0
ZS5jcnQwHwYDVR0jBBgwFoAUSUtSJ9EbvPKhIWpie1FCeorX1VYwKwYDVR0RBCQw
IoINd2ViZWxvcGluZy5lc4IRd3d3LndlYmVsb3BpbmcuZXMwHQYDVR0OBBYEFJp4
5TYP4T3BfuI67Ek2vxtUNiVCMA0GCSqGSIb3DQEBBQUAA4IBAQBjXFPi/3e3GJ+J
Pj7Rafieee4Tqcc5QbwKvrFEdK3OW9/XjntchNOsKumKFJeiK8bsUbSTS+wlpyKG
+qHwrf8d1TtZgKiyJTBHcKxItqSrGsULM5ntTFq/gchOkE0hwK4vfwHZD9bHyy20
CqexuaTT3zpAL3zZi5q2QaOpqQxhPmlkIZvmNotw+a/E+3hmOFKpQtVfT7XeAcQr
bIUMZUEbs778VzjnKdg4grD7oZxwPczbaeJLhdvKs8OEJSbqX/820hLQfoX+wMCI
PNI1jPU3th1cu9nPKU41BXIDY1L6w9zCl2DRvQvjFx9YnjQ/R6YiyaCCh39WS+xg
+An9srwv
-----END CERTIFICATE-----
A configuração relacionada no postfix é semelhante a esta:
## /etc/postfix/main.cf
##Provided by Godaddy along with sf_bundle.crt
smtpd_tls_cert_file=/etc/ssl/certs/domain.crt
##Generated by me
smtpd_tls_key_file=/etc/ssl/private/domain.key
smtp_tls_CAfile=/etc/ssl/certs/ca-certificates.crt