Markus Winkler
2022-Jan-26 09:19 UTC
Received invalid SSL certificate: unable to get certificate CRL
Hi Laura, On Wed, 26 Jan 2022 at 12:09:04AM +0000, Laura Smith wrote:>??????? Original Message ??????? >> >> I thought that >> >> ssl_ca = </etc/ssl/certs/ca-certificates.crt >> >> is worth a try. > > >Does ssl_ca even apply to dsync/imapc ?as I wrote: I cannot test your scenario and the link to the documentation I sent was only a rough idea.>Looking at the docs its all about client certificate authentication ? Something which does not apply to my environment, and even if it did, it >would not apply to dsync/imapc because I am initiating the connection, not the remote end ?In my understanding this parameter is not only about client certificate authentication. If you want, then please have a look at this: https://doc.dovecot.org/settings/core/#core_setting-ssl_ca [...] These CAs are also used by some processes for validating outgoing SSL connections, i.e. performing the same function as ssl_client_ca_file. [...] And that's why I wrote: it's worth a try (it takes only two minutes to test it ...). IMHO of course. If you don't want to test it, OK. But I have no further ideas, sorry. Regards, Markus
Aki Tuomi
2022-Jan-31 06:24 UTC
Received invalid SSL certificate: unable to get certificate CRL
> On 26/01/2022 11:19 Markus Winkler <ml at irmawi.de> wrote: > > > Hi Laura, > > On Wed, 26 Jan 2022 at 12:09:04AM +0000, Laura Smith wrote: > >??????? Original Message ??????? > >> > >> I thought that > >> > >> ssl_ca = </etc/ssl/certs/ca-certificates.crt > >> > >> is worth a try. > > > > > >Does ssl_ca even apply to dsync/imapc ? > > as I wrote: I cannot test your scenario and the link to the documentation I sent was only a rough idea. > > >Looking at the docs its all about client certificate authentication ? Something which does not apply to my environment, and even if it did, it > >would not apply to dsync/imapc because I am initiating the connection, not the remote end ? > > In my understanding this parameter is not only about client certificate authentication. If you want, then please have a look at this: > > https://doc.dovecot.org/settings/core/#core_setting-ssl_ca > > [...] > These CAs are also used by some processes for validating outgoing SSL connections, i.e. performing the same function as ssl_client_ca_file. > [...] > > And that's why I wrote: it's worth a try (it takes only two minutes to test it ...). IMHO of course. If you don't want to test it, OK. But I have > no further ideas, sorry. > > Regards, > MarkusHi Laura, did you try this? Did it work? Aki
Laura Smith
2022-Feb-06 12:56 UTC
Received invalid SSL certificate: unable to get certificate CRL
------- Original Message ------- On Monday, January 31st, 2022 at 06:24, Aki Tuomi <aki.tuomi at open-xchange.com> wrote:> MarkusHi Laura, did you try this? Did it work? Aki Hi Aki Sorry, your mail got caught in spam. Tried it, it didn't work. So I just ended up using "-o imapc_ssl_verify=no".