Virtualmin does not copy intermediate CA into Dovecot certs

Hi,

When you configure SSL for a website, Virtualmin does not configure the intermediate CA into the certificate. The issue is that Dovecot REQUIRES the intermediate CA to be combined into the ssl_cert parameter.

As stated in the Dovecot documentation:

Chained SSL certificates

Put all the certificates in the ssl_cert file. For example when using a certificate signed by TDC the correct order is:

    Dovecot's public certificate
    TDC SSL Server CA
    TDC Internet Root CA
    Globalsign Partners CA

As Virtualmin does not copy it, this means it will fail for all authorities that require an intermediate CA, like Let's Encrypt:

    local_name xxxxxxxxxxxxx {
      ssl_cert = </home/zero00-site-par-defaut/ssl.cert
      ssl_key = </home/zero00-site-par-defaut/ssl.key
    }

    -rwx------ 1 zero00-site-par-defaut 000-site-par-defaut 1.9K Apr 24 17:15 /home/zero00-site-par-defaut/ssl.cert

    >: grep  '\-\-' /home/zero00-site-par-defaut/ssl.cert
    -----BEGIN CERTIFICATE-----
    -----END CERTIFICATE-----

https://wiki.dovecot.org/SSL/DovecotConfiguration
https://doc.dovecot.org/configuration_manual/dovecot_ssl_configuration/#...

Would it be possible for Virtualmin to use the combined file and not the cert file for Dovecot?

PS: ssl_ca is used for client auth and not for the intermediate CA.

Best regards, Ghislain.

Status: Active

Comments

This can be automated by a hook that does this:

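        # Hook fragment: SAUTDELIGNE (line break) is assumed to be set earlier in the hook script.
        if [ -f /etc/dovecot/dovecot.conf ]; then
                echo -e "Correction et redemmarage de dovecot ${SAUTDELIGNE}"
                # Point every ssl_cert line at the combined file instead of the bare certificate.
                # The dot is escaped and the match anchored so only paths ending in /ssl.cert change.
                sed -i 's/^[[:blank:]]*ssl_cert[[:blank:]]*=\([[:blank:]]*<.*\)\/ssl\.cert[[:blank:]]*$/ssl_cert=\1\/ssl.combined/' /etc/dovecot/dovecot.conf
                service dovecot reload
                echo -e "${SAUTDELIGNE}${SAUTDELIGNE}"
        fi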
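
To find which ssl_cert entries are affected by the problem reported above, before or after running such a hook, the following added example (not code from this thread or from Virtualmin; the function names are hypothetical) lists every ssl_cert path in a Dovecot configuration and counts its PEM blocks, the same signal as the grep in the report. It assumes paths without spaces, and a self-signed certificate, which legitimately has a single block, is flagged as well.

```shell
#!/bin/sh
# Added example (not from the thread): flag Dovecot ssl_cert files without a chain.

# Print each path referenced as "ssl_cert = </path", including local_name blocks.
list_ssl_cert_paths() {
    sed -n 's/^[[:blank:]]*ssl_cert[[:blank:]]*=[[:blank:]]*<[[:blank:]]*\([^[:blank:]#]*\).*$/\1/p' "$1"
}

# Count PEM certificate blocks in a file (grep -c exits 1 on zero matches).
count_certs() {
    grep -c -e '-----BEGIN CERTIFICATE-----' "$1" 2>/dev/null || true
}

# Report every ssl_cert file; return 1 if any is unreadable or has fewer than 2 blocks.
audit_dovecot_certs() {
    conf=$1; audit_rc=0
    for path in $(list_ssl_cert_paths "$conf"); do
        if [ ! -r "$path" ]; then
            echo "UNREADABLE $path"; audit_rc=1
        elif [ "$(count_certs "$path")" -lt 2 ]; then
            echo "NO-CHAIN $path"; audit_rc=1
        else
            echo "OK $path ($(count_certs "$path") certificates)"
        fi
    done
    return $audit_rc
}

# Constructed demo: empty PEM markers only, no real certificate data.
demo() {
    d=$(mktemp -d)
    printf '%s\n' '-----BEGIN CERTIFICATE-----' '-----END CERTIFICATE-----' > "$d/ssl.cert"
    cat "$d/ssl.cert" "$d/ssl.cert" > "$d/ssl.combined"
    printf 'local_name a.example {\n  ssl_cert = <%s/ssl.cert\n}\n' "$d" > "$d/dovecot.conf"
    printf 'local_name b.example {\n  ssl_cert = <%s/ssl.combined\n}\n' "$d" >> "$d/dovecot.conf"
    audit_dovecot_certs "$d/dovecot.conf"; demo_rc=$?
    rm -rf "$d"
    return $demo_rc
}

# In a hook, call: audit_dovecot_certs /etc/dovecot/dovecot.conf
demo || true
```
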