[SOLVED] thunderbird and commercial certificate (4.x)

[su_A_ve]

Hello,

We obtained commercial certificates from Verisign. These do need an intermediate cert.

We followed the instructions and https is working fine. Firefox and IE properly list the certificate chain correctly - Verisign root, verisign chain, and cert.

However under thunderbird, only the certificate is display, and of course we get the "Could not verify this certificate for unknown reasons".

The java cacerts keystore seems to contain the verisign root. The tomcat keystore contain both the intermediate and the servers cert.

SMTP outbound TLS works fine. It's just imap. I tried both TLS and SSL but both give the same results.

Is IMAP using a different certificate? slapd.crt, smtpd.crt and perdition.crt only include the server cert. Should it include the intermediate?

TIA...

I

[su_A_ve]

ugh - talk about having to digg this... We run our internal certificate auth, so it was like moving from a commercial cert without an intermediate to one with one, keeping the private key.

This post showed the solution...

I had not noticed that Firefox and IE both already had the intermediate, therefore I never noticed an issue there. However it was not in Thunderbird...

All the instructions on the wiki where based on creating a csr and key from scratch, or importing the root and intermediate certs.