SSL "root certificate not trusted" Ubuntu 12.04 x64, Apache, iRedMail

Posted November 5, 2013 9.1k views
So, I installed iRedMail successfully following this tutorial: I also installed a RapidSSL certificate and everything works great when pull up the site in my browser ( And this certificate checker says it's installed correctly: I can send and receive mail just fine, but the issue I'm having is that I have to make a security exception every time I connect or set up an account in mail (OS X). It comes up saying the certificate location/province is GuangDong, China. WTF? That's not the location I specified when I configured the certificate. screenshot: It seems to do this regardless of whether I use the www. This has been driving me nuts! Does anyone have an idea of what could be going on here? Thanks :) Nick

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Submit an Answer
6 answers
Do you have RapidSSL's ca-bundle configured in apache?
I put, cognizemail.key, intermediate.crt, and RapidSSL_CA_bundle.pem in /etc/ssl

I have these lines in /etc/apache2/sites-available/default-ssl ...
SSLEngine on
SSLProtocol all
SSLCertificateFile /etc/ssl/
SSLCertificateKeyFile /etc/ssl/cognizemail.key
SSLCACertificateFile /etc/ssl/intermediate.crt

The intermediate.crt is the CA Bundled one from here:

I tried a few other things like: "dpkg-reconfigure ca-certificates" and "update-ca-certificates
RapidSSL_CA_bundle.pem and intermediate.crt contain the same text. I think I just need intermediate.crt, but I'm not sure.
by Nik van der Ploeg
Our focus here is setting up Apache with a free signed SSL Cert on a VPS.
I read through that and can't see anything wrong with my setup. I talked with someone at eNom support about the certificate I bought and he said it might have something to do with using the top-level domain for mail instead of a subdomain (i.e., instead of and that I might need a wildcard certificate instead? Doesn't make sense to me, but what do I know?
I finally figured this out. I just need to update the configuration files for Dovecot (/etc/dovecot/dovecot.conf) and Postfix (/etc/postfix/ to use the correct certificates.

I also had to remove the password from the .key file because Postfix wouldn't cooperate with it.