Postfix - Courier-Imap - Rapidssl Certificate problems.

Discussion in 'Server Operation' started by mafaka, Jun 22, 2010.

  1. mafaka

    mafaka New Member

    Hi All,

    I was wondering if anyone has ever run into this problem.

    It looks like I have everything setup properly. I followed a howto that I believe was written by falko for fedora 12 postfix courier-imap amavisd spamassasin.

    I started by trying to use a self signed cert but obviously outlook 2007 and other email clients complained about not being able to trust the certificate.

    So I looked into buying a rapidssl certificate.

    Apparently I can use a rapidssl certificate for postifx BUT now outlook 2007 tells me "All of the intended purposes of this certificate could not be verified" has anyone ever seen this error?

    I have been trying to get this cert issues resolved for a week now and its drivingme crazy ! I just want to be able to put this new email server into production without having to worry about my customer's getting annoying error messages in their email clients.

    if anyone can help me with this it would be grately apreciated!!!!
  2. topdog

    topdog Active Member HowtoForge Supporter

    Thats a problem with your certificates EKU's
  3. mafaka

    mafaka New Member

    EKU? With the Key Usages?

    I figured that much but How do I fix it ?
  4. topdog

    topdog Active Member HowtoForge Supporter

    You get rapidssl to issue you with a correct certificate.
  5. mafaka

    mafaka New Member

    I spent all day talking with a support rep from rapidssl last week and he basically told me that the certs they send out all have the 4 keys identified.

    I was trying to explain to the cupport guy that to me it really seemed like the cert contained more key usages than I needed and that I just wanted to have a cert that only contains the ones I needed.

    He told me all rapidssl certs are signed by the root with all 4 keys...

    I guess I should try calling them this time?

    Can you tell me which of the 4 keys the cert should contain?


    Also, do I need to specify which key usages I would like the cert to contain when i create the CSR file? If so how do I do this? is it through the openssl.cnf file ?

    Anyone that can help please by all means helppppppppp!
    Last edited: Jun 22, 2010
  6. mafaka

    mafaka New Member

    Well the rapidssl tech is sending an issue to their engineers to try to have a certificate issued to me that will only have Digital Signature, Non-Repudiation key usage specified.

    I sure hope they can issue me a cert with just the keys that a re required.

Share This Page