Question

SSL "root certificate not trusted" Ubuntu 12.04 x64, Apache, iRedMail

  • Posted November 5, 2013

So, I installed iRedMail successfully following this tutorial: https://digitalocean.com/community/articles/how-to-install-iredmail-on-ubuntu-12-04-x64

I also installed a RapidSSL certificate and everything works great when pull up the site in my browser (cognizemail.co). And this certificate checker says it’s installed correctly: https://knowledge.rapidssl.com/support/ssl-certificate-support/index?page=content&actp=CROSSLINK&id=SO9556

I can send and receive mail just fine, but the issue I’m having is that I have to make a security exception every time I connect or set up an account in mail (OS X). It comes up saying the certificate location/province is GuangDong, China. WTF? That’s not the location I specified when I configured the certificate.

screenshot: http://cognizemail.co/mail.png

It seems to do this regardless of whether I use the www.

This has been driving me nuts! Does anyone have an idea of what could be going on here?

Thanks :)

Nick

Subscribe
Share

Submit an answer
You can type!ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

I finally figured this out. I just need to update the configuration files for Dovecot (/etc/dovecot/dovecot.conf) and Postfix (/etc/postfix/main.cf) to use the correct certificates. <br> <br>I also had to remove the password from the .key file because Postfix wouldn’t cooperate with it.

I read through that and can’t see anything wrong with my setup. I talked with someone at eNom support about the certificate I bought and he said it might have something to do with using the top-level domain for mail instead of a subdomain (i.e., cognizemail.co instead of mail.cognizemail.co) and that I might need a wildcard certificate instead? Doesn’t make sense to me, but what do I know?

Have you check out <a href=“https://www.digitalocean.com/community/articles/how-to-set-up-apache-with-a-free-signed-ssl-certificate-on-a-vps”>How To Set Up Apache with a Free Signed SSL Certificate on a VPS</a>?

RapidSSL_CA_bundle.pem and intermediate.crt contain the same text. I think I just need intermediate.crt, but I’m not sure.

I put cognizemail.co.crt, cognizemail.key, intermediate.crt, and RapidSSL_CA_bundle.pem in /etc/ssl <br> <br>I have these lines in /etc/apache2/sites-available/default-ssl … <br>SSLEngine on <br>SSLProtocol all <br>SSLCertificateFile /etc/ssl/cognizemail.co.crt
<br>SSLCertificateKeyFile /etc/ssl/cognizemail.key <br>SSLCACertificateFile /etc/ssl/intermediate.crt <br> <br>The intermediate.crt is the CA Bundled one from here: https://knowledge.rapidssl.com/support/ssl-certificate-support/index?page=content&actp=CROSSLINK&id=AR1548 <br> <br>I tried a few other things like: “dpkg-reconfigure ca-certificates” and "update-ca-certificates

Do you have RapidSSL’s ca-bundle configured in apache?