Question
SSL "root certificate not trusted" Ubuntu 12.04 x64, Apache, iRedMail
- Posted November 5, 2013
So, I installed iRedMail successfully following this tutorial: https://digitalocean.com/community/articles/how-to-install-iredmail-on-ubuntu-12-04-x64
I also installed a RapidSSL certificate and everything works great when pull up the site in my browser (cognizemail.co). And this certificate checker says it’s installed correctly: https://knowledge.rapidssl.com/support/ssl-certificate-support/index?page=content&actp=CROSSLINK&id=SO9556
I can send and receive mail just fine, but the issue I’m having is that I have to make a security exception every time I connect or set up an account in mail (OS X). It comes up saying the certificate location/province is GuangDong, China. WTF? That’s not the location I specified when I configured the certificate.
screenshot: http://cognizemail.co/mail.png
It seems to do this regardless of whether I use the www.
This has been driving me nuts! Does anyone have an idea of what could be going on here?
Thanks :)
Nick
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
Try DigitalOcean for free
Click below to sign up and get $100 of credit to try our products over 60 days!
I finally figured this out. I just need to update the configuration files for Dovecot (/etc/dovecot/dovecot.conf) and Postfix (/etc/postfix/main.cf) to use the correct certificates. <br> <br>I also had to remove the password from the .key file because Postfix wouldn’t cooperate with it.
I read through that and can’t see anything wrong with my setup. I talked with someone at eNom support about the certificate I bought and he said it might have something to do with using the top-level domain for mail instead of a subdomain (i.e., cognizemail.co instead of mail.cognizemail.co) and that I might need a wildcard certificate instead? Doesn’t make sense to me, but what do I know?
Have you check out <a href=“https://www.digitalocean.com/community/articles/how-to-set-up-apache-with-a-free-signed-ssl-certificate-on-a-vps”>How To Set Up Apache with a Free Signed SSL Certificate on a VPS</a>?
RapidSSL_CA_bundle.pem and intermediate.crt contain the same text. I think I just need intermediate.crt, but I’m not sure.
I put cognizemail.co.crt, cognizemail.key, intermediate.crt, and RapidSSL_CA_bundle.pem in /etc/ssl <br> <br>I have these lines in /etc/apache2/sites-available/default-ssl … <br>SSLEngine on <br>SSLProtocol all <br>SSLCertificateFile /etc/ssl/cognizemail.co.crt
<br>SSLCertificateKeyFile /etc/ssl/cognizemail.key <br>SSLCACertificateFile /etc/ssl/intermediate.crt <br> <br>The intermediate.crt is the CA Bundled one from here: https://knowledge.rapidssl.com/support/ssl-certificate-support/index?page=content&actp=CROSSLINK&id=AR1548 <br> <br>I tried a few other things like: “dpkg-reconfigure ca-certificates” and "update-ca-certificates
Do you have RapidSSL’s ca-bundle configured in apache?