Markus Winkler
2022-Jan-25 20:19 UTC
Received invalid SSL certificate: unable to get certificate CRL
Hi Laura, On 25.01.22 11:48, Laura Smith wrote:> Thanks for your suggestion, I have a couple of questions about it though. > First, my understanding from the docs was that ssl_client_ca_* wereoverride parameters and that in the absence of the parameters, Dovecot would default to using OpenSSL defaults ? (And building on that, as per my manual tests, you can see OpenSSL returns an "OK" on the validation). To be honest: I dont have a setup like yours to test it. I just remembered a mail from Aki in which he mentioned this part of the documentation and so I thought that ssl_ca = </etc/ssl/certs/ca-certificates.crt is worth a try.> Second, I'm dealing with standard Let's Encrypt certs here, no private PKI certs here.Yes, I know. And it seems, that all is fine with them. Regards, Markus
Laura Smith
2022-Jan-26 00:09 UTC
Received invalid SSL certificate: unable to get certificate CRL
??????? Original Message ???????> > I thought that > > ssl_ca = </etc/ssl/certs/ca-certificates.crt > > is worth a try.Does ssl_ca even apply to dsync/imapc ? Looking at the docs its all about client certificate authentication ? Something which does not apply to my environment, and even if it did, it would not apply to dsync/imapc because I am initiating the connection, not the remote end ?