On 2022-11-09 16:59, Alexander Dalloz wrote:> Am 09.11.2022 um 15:58 schrieb Ruben Safir:
>> Hello
>>
>> I am getting this error and I have no idea why. openssh is upto date
>
> You have a self-signed certificate in place. The connecting client
> cannot valide whether to trust to answering server.
>
> Alexander
Try to run the following against the client certificate full chain and
cert file:-
ope nssl verify -CAfile fullchain.pem cert.pem
if it did throw an error then try verifying with an updated CA
certificates bundle directly from OS using the following which works
with me in RHEL7:-
y um reinstall ca-certificatesupdate-ca-trust
Or if already installed.
update-ca-trust.
Given you are using a self signed certificate, I guess, you will have to
append manually the CA certificate, which you've used to sign the self
signed client certificate in CA bundle PEM file i.e. tls-ca-bundle.pem.
Also, you will have to reference the CA file in dovecot using the
following:-
ssl_client_ca_file = /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
ssl_verify_client_cert = yes
Good luck.
Zakaria.