Displaying 1 result from an estimated 1 matches for "crl_check_all".
2014 Oct 11
0
]UG] Dovecot 2.2.9 SSL client cert verification fails: openssl verify: OK
...n the part of the user.
Dovecot rejects StartSSL client certificates due to reject StartSSL root
CA when doing client verification even though the appropriately
constructed ca-bundle.pem has been created and applied vi ssl_ca =
</etc/dovecot/ca-bundle.pem.
openssl verify -CAfile ca-bundle.pem -crl_check_all -policy_check
-x509_strict -verbose client-cert.pem returns:
client-cert.pem: OK
However dovecot reports the following:
Oct 11 01:41:17 hostname dovecot: imap-login: Invalid certificate:
unable to get local issuer certificate: /C=IL/O=StartCom Ltd./OU=Secure
Digital Certificate Signing/CN=StartC...