postfix-users May 2014 archive
Main Archive Page > Month Archives  > postfix-users archives
postfix-users: Re: ECDSA chain cert not working

Re: ECDSA chain cert not working

From: SW <postfix_at_nospam>
Date: Mon May 12 2014 - 19:44:00 GMT
To: postfix-users@postfix.org

Hi Viktor

Many thanks for the reply! So I'm not going crazy...<smiley
image="smiley_beam.gif"/>

You said:

<quote author="Viktor Dukhovni">
A work-around is to list all the relevant CAs in the chain files
for both algorithms. The patches that resolve this for 1.0.2 are
attached for educational purposes only. They are unlikely to apply
to 1.0.1 or earlier in isolation, and in any case would be entirely
untested with 1.0.1 as a base.
</quote>

So do I need to create a chain cert as follows for each cert (RSA and
ECDSA):

cat mail.domain.com.ecdsa.crt
COMODOECCDomainValidationSecureServerCA.crt COMODOECCAddTrustCA.crt
COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt>
mail.domain.com.chained.postfix.ecdsa.crt

cat mail.domain.com.sha256.crt
COMODOECCDomainValidationSecureServerCA.crt COMODOECCAddTrustCA.crt
COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt>
mail.domain.com.chained.postfix.sha256.crt

Would this do the trick?