Question
SSL "root certificate not trusted" Ubuntu 12.04 x64, Apache, iRedMail
- Posted on November 5, 2013
Asked by Nick Thompson
So, I installed iRedMail successfully following this tutorial: https://digitalocean.com/community/articles/how-to-install-iredmail-on-ubuntu-12-04-x64
I also installed a RapidSSL certificate and everything works great when pull up the site in my browser (cognizemail.co). And this certificate checker says it’s installed correctly: https://knowledge.rapidssl.com/support/ssl-certificate-support/index?page=content&actp=CROSSLINK&id=SO9556
I can send and receive mail just fine, but the issue I’m having is that I have to make a security exception every time I connect or set up an account in mail (OS X). It comes up saying the certificate location/province is GuangDong, China. WTF? That’s not the location I specified when I configured the certificate.
screenshot: http://cognizemail.co/mail.png
It seems to do this regardless of whether I use the www.
This has been driving me nuts! Does anyone have an idea of what could be going on here?
Thanks :)
Nick
This textbox defaults to using Markdown to format your answer.
You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
I finally figured this out. I just need to update the configuration files for Dovecot (/etc/dovecot/dovecot.conf) and Postfix (/etc/postfix/main.cf) to use the correct certificates. <br> <br>I also had to remove the password from the .key file because Postfix wouldn’t cooperate with it.
I read through that and can’t see anything wrong with my setup. I talked with someone at eNom support about the certificate I bought and he said it might have something to do with using the top-level domain for mail instead of a subdomain (i.e., cognizemail.co instead of mail.cognizemail.co) and that I might need a wildcard certificate instead? Doesn’t make sense to me, but what do I know?
Have you check out <a href=“https://www.digitalocean.com/community/articles/how-to-set-up-apache-with-a-free-signed-ssl-certificate-on-a-vps”>How To Set Up Apache with a Free Signed SSL Certificate on a VPS</a>?