My certificate issued by StartSSL is not accepted by my clients

ssl

I have requested a new class 1 server certificate from StartSSL today and it is working great with Apache and Dovecot + (Thunderbird/Outlook/OpenXChange ), but when I try to connect to the mail server using an Apple client (Mac/iPhone), I get an SSL error message.

I have chained the

  • 2_Server Certificate
  • 1_Intermediate Certificate
  • Root Certificate

in this order and used the resulting file as ssl_cert in dovecot. The only other two SSL settings I have are ssl=required and ssl_key = </path

Has anybody had this issue before and came up with a solution?


Solution 1:

Your problem is your CA: StartSSL.

Their certificates are nothing but a waste of electrons since this year, because Apple, Google and Mozilla don't trust them anymore out of the box and for sure others will follow.

https://linustechtips.com/main/topic/688200-apple-google-and-mozilla-disavow-wosign-and-startcom-certificates/

Related

Hyper-V vs. ESXi vs. XenServer
How can I map iostat device names to LVM /dev/mapper/XXX names?
CNAME and A record have different TTLs. Which one will be cached?
How to see on Linux what network interface and source IP address is used for a route to a specific destination host?
Debian. How can I securely get debian-archive-keyring, so that I can do an apt-get update? NO_PUBKEY
How to make Jenkins CI use Local time instead of UTC on debian squeeze
how to auto start openvpn (client) on ubuntu 12.04 cli?
How to upgrade PHP 5.4 to PHP 5.6 on Debian GNU/Linux 7 (wheezy)
Blank Page: wordpress on nginx+php-fpm
Best way to prevent the root system filling up when a mount fails?
How many SMART sector reallocations indicate problems?
How do I show filenames only after a keyword grep search?