Displaying 5 results from an estimated 5 matches for "korax".
Did you mean:
lorax
2015 Sep 22
0
Dovecot proxy ignores trusted root certificate store
On 22 Sep 2015, at 01:11, Alex Bulan <avb at korax.net> wrote:
>
> On Mon, 21 Sep 2015, Edgar Pettijohn wrote:
>
>> doveconf -n?
>
> doveconf -n|grep ssl should suffice:
>
> ssl = required
> ssl_ca = </usr/local/share/certs/ca-root-nss.crt
> ssl_cert = </path/to/my/file.pem
> ssl_key = </path/to/m...
2015 Sep 21
4
Dovecot proxy ignores trusted root certificate store
On Mon, 21 Sep 2015, Edgar Pettijohn wrote:
> doveconf -n?
doveconf -n|grep ssl should suffice:
ssl = required
ssl_ca = </usr/local/share/certs/ca-root-nss.crt
ssl_cert = </path/to/my/file.pem
ssl_key = </path/to/my/file.pem
ssl_require_crl = no
I'm using "ssl_ca = </usr/local/share/certs/ca-root-nss.crt" as a
temporary workaround, even though this is not what
2015 Sep 21
2
Dovecot proxy ignores trusted root certificate store
On Mon, 21 Sep 2015, Andrew McN wrote:
>> http://wiki2.dovecot.org/Replication
>>
>> (quote)
>> The client must be able to verify that the SSL certificate is valid, so
>> you need to specify the directory containing valid SSL CA roots:
>>
>> ssl_client_ca_dir = /etc/ssl/certs # Debian/Ubuntu
>> ssl_client_ca_file = /etc/pki/tls/cert.pem # RedHat
2015 Sep 21
3
Dovecot proxy ignores trusted root certificate store
Dovecot v2.2.18
OS: FreeBSD 10.1/amd64
Dovecot in proxy mode ignores the root certificate store and can't verify
the backend's SSL certificate.
I've pointed ssl_client_ca_file to my root certificate store, but I
suspect ssl_client_ca_file is only used in imapc context. It seems to be
ignored in proxy context.
doveconf -n ssl_client_ca_file:
ssl_client_ca_file =
2015 Sep 21
4
Dovecot proxy ignores trusted root certificate store
The result is the same with or without "<" before the file path. With "<"
the inode atime is updated at Dovecot startup, so the file is at least
opened, but Dovecot still can't verify the cert.
The only place in the Wiki that shows an example of ssl_client_ca_file is
on this page, and there's no "<" in front of the file path: