HOWTO: Secure all Kolab Services

[Johannes Kehrer]

Dear All,
Now I have found a pretty good tutorial how to secure the services:
"https://gist.github.com/dhoffend/7008915".

However, if I follow the tutorial step by step, the following out is shown 
with the command "openssl s_client -showcerts -connect localhost:993":

"depth=0 C = DE, CN = mail.example.org, emailAddress = johannes at example.org
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 C = DE, CN = mail.example.org, emailAddress = johannes at example.org
verify error:num=27:certificate not trusted
verify return:1
depth=0 C = DE, CN = mail.example.org, emailAddress = johannes at example.org
verify error:num=21:unable to verify the first certificate
verify return:1
"

What puzzles me, is the message "unable to get local issuer certificate" and 
then "certificate not trusted".
Can anybody explain?

Thankes,
Johannes


Am Sonntag, 5. April 2015, 16:56:08 schrieb Johannes Kehrer:
> Dear All,
> I read the instructions to secure the Kolab Services on
> "http://docs.kolab.org/howtos/secure-kolab-server.html".
> I am using Centos 7
> 
> However, step 4 is not clear to me at all (sorry, if it is a naive
> question):
> 
> It sais, Add an SSL group. In the example of the step it shows the
> command
> "# *chown root:mail /etc/pki/tls/private/example.org.key"*
> 
> Shouldn't it be "root:SSH"?
> Which users have to be added to the group SSH?
> 
> Could anybody clarify?
> 
> Thanks in advance,
> Johannes

-- 
Johannes Kehrer
Otto-Hahn-Weg 22
88046 Friedrichshafen
Germany

Tel.: +49 7541 5909784
Mobile: +49 170 9058278

Email: johannes at kehrer.by