search for: ssl_alt_cert

...lt;/div> <div> <br> </div> <div> <br> </div> <div> On 08/03/18 18:43, Peter Linss wrote: </div> <blockquote type="cite"> <div> I just added an ECDSA certificate to my mail server using ssl_alt_cert (the RSA certificate is specified by ssl_cert), both certificate files contain the certificate and a single intermediate (which currently happens to be the same intermediate from Let’s Encrypt). </div> </blockquote> <blockquote type="cite"> <div>...

...0 March 2018 at 14:49 John Fawcett < john at voipsupport.it > >> <mailto:john at voipsupport.it>> wrote: > >> > >> > >> On 08/03/18 18:43, Peter Linss wrote: > >>> I just added an ECDSA certificate to my mail server using > >>> ssl_alt_cert (the RSA certificate is specified by ssl_cert), both > >>> certificate files contain the certificate and a single intermediate > >>> (which currently happens to be the same intermediate from Let?s > >>> Encrypt). > >>> When connecting to the server us...

...it > > > >> <mailto:john at voipsupport.it>> wrote: > > > >> > > > >> > > > >> On 08/03/18 18:43, Peter Linss wrote: > > > >>> I just added an ECDSA certificate to my mail server using > > > >>> ssl_alt_cert (the RSA certificate is specified by ssl_cert), both > > > >>> certificate files contain the certificate and a single intermediate > > > >>> (which currently happens to be the same intermediate from Let?s > > > >>> Encrypt). > > > >&...

I just added an ECDSA certificate to my mail server using ssl_alt_cert (the RSA certificate is specified by ssl_cert), both certificate files contain the certificate and a single intermediate (which currently happens to be the same intermediate from Let?s Encrypt). When connecting to the server using either RSA or ECDSA ciphers, the server sends the proper certificat...

...uomi wrote: > >> On 10 March 2018 at 14:49 John Fawcett < john at voipsupport.it >> <mailto:john at voipsupport.it>> wrote: >> >> >> On 08/03/18 18:43, Peter Linss wrote: >>> I just added an ECDSA certificate to my mail server using >>> ssl_alt_cert (the RSA certificate is specified by ssl_cert), both >>> certificate files contain the certificate and a single intermediate >>> (which currently happens to be the same intermediate from Let?s >>> Encrypt). >>> When connecting to the server using either RSA or EC...

...cett < john at voipsupport.it > > >> <mailto:john at voipsupport.it>> wrote: > > >> > > >> > > >> On 08/03/18 18:43, Peter Linss wrote: > > >>> I just added an ECDSA certificate to my mail server using > > >>> ssl_alt_cert (the RSA certificate is specified by ssl_cert), both > > >>> certificate files contain the certificate and a single intermediate > > >>> (which currently happens to be the same intermediate from Let?s > > >>> Encrypt). > > >>> When connect...

On 08/03/18 18:43, Peter Linss wrote: > I just added an ECDSA certificate to my mail server using ssl_alt_cert (the RSA certificate is specified by ssl_cert), both certificate files contain the certificate and a single intermediate (which currently happens to be the same intermediate from Let?s Encrypt). > > When connecting to the server using either RSA or ECDSA ciphers, the server sends the proper c...

Hello, I'm running dovecot 2.3.1 (c5a5c0c82) and trying to experiment with using both RSA and ECDSA certificates. My configuration is as follow: ssl_alt_cert = </path/to/my.rsa.key ssl_alt_key = </path/to/my.rsa.key ssl_cert = </path/to/my.ecdsa.pem ssl_key = </path/to/my.ecdsa.key Both certificates are let's encrypt certificate, so both are using the same intermediate CA. The certificate chain are: for rsa: - my certificate - Let&...

On 2018-05-16 (08:54 MDT), Jean-Daniel Dupas <jddupas at xooloo.com> wrote: > > My problem is that when connecting, dovecot includes 2 copies of Let's Encrypt Authority X3 in the certificate chain. I think Dovecot 2.2 also has this issue, if I remember previous posts accurately. Recommendations to include the full chain in the cert didn't seem to work. -- Eyes the shady

On 17.05.2018 16:33, @lbutlr wrote: > On 2018-05-16 (08:54 MDT), Jean-Daniel Dupas <jddupas at xooloo.com> wrote: >> My problem is that when connecting, dovecot includes 2 copies of Let's Encrypt Authority X3 in the certificate chain. > I think Dovecot 2.2 also has this issue, if I remember previous posts accurately. Recommendations to include the full chain in the cert

...latest version of AquaMail running on android. Thanks. Dave. On 7/30/18, Aki Tuomi <aki.tuomi at dovecot.fi> wrote: > You should, in practice, enable both. This gives best client compability. It > is possible you have clients that cannot understand ECC certificates? You > can use ssl_alt_cert to provide RSA cert too. > > Aki > >> On 30 July 2018 at 20:05 David Mehler <dave.mehler at gmail.com> wrote: >> >> >> Hi, >> >> Thanks, good news is that worked. Bad news is it all looks good which >> means I do not know hwhy my remote clien...

...gt; > > > > On 7/30/18, Aki Tuomi <aki.tuomi at dovecot.fi> wrote: > >> You should, in practice, enable both. This gives best client compability. > >> It > >> is possible you have clients that cannot understand ECC certificates? You > >> can use ssl_alt_cert to provide RSA cert too. > >> > >> Aki > >> > >>> On 30 July 2018 at 20:05 David Mehler <dave.mehler at gmail.com> wrote: > >>> > >>> > >>> Hi, > >>> > >>> Thanks, good news is that worked. Bad...

....tar.gz.sig Unless new bugs are found, this will be the final v2.2.31 release, which will be released on Monday. * LMTP: Removed "(Dovecot)" from added Received headers. Some installations want to hide it, and there's not really any good reason for anyone to have it. + Add ssl_alt_cert and ssl_alt_key settings to add support for having both RSA and ECDSA certificates. + pop3-migration plugin: Strip trailing whitespace from headers when matching mails between IMAP and POP3. This helps with migrations from Zimbra. + acl: Add acl_globals_only setting to disable looking up...

....tar.gz.sig Unless new bugs are found, this will be the final v2.2.31 release, which will be released on Monday. * LMTP: Removed "(Dovecot)" from added Received headers. Some installations want to hide it, and there's not really any good reason for anyone to have it. + Add ssl_alt_cert and ssl_alt_key settings to add support for having both RSA and ECDSA certificates. + pop3-migration plugin: Strip trailing whitespace from headers when matching mails between IMAP and POP3. This helps with migrations from Zimbra. + acl: Add acl_globals_only setting to disable looking up...

Hi, Thanks, good news is that worked. Bad news is it all looks good which means I do not know hwhy my remote clients can't get their email, looked like from the logs it was that. Would 143 be better or 993 for the external clients? Thanks. Dave. On 7/30/18, Aki Tuomi <aki.tuomi at dovecot.fi> wrote: > >> On 30 July 2018 at 19:16 David Mehler <dave.mehler at gmail.com>

...net_listener imaps { port = 993 ssl = yes } } service pop3-login { inet_listener pop3 { port = 110 } inet_listener pop3s { port = 995 ssl = yes } } service quota-status { client_limit = 1 executable = quota-status -p postfix inet_listener { port = 12340 } } ssl_alt_cert = </usr/local/etc/ssl/acme/mail.firc.de_ecc/cert.pem ssl_alt_key = </usr/local/etc/ssl/acme/mail.firc.de_ecc/key.pem ssl_ca = /usr/local/etc/ssl/acme/ca.pem ssl_cert = </usr/local/etc/ssl/acme/mail.firc.de/cert.pem ssl_dh_parameters_length = 2048 ssl_key = # hidden, use -P to show it ssl_...

...ase for the summer :) v2.2.32 is planned for the end of August. Hopefully soon afterwards we can get back to v2.3. * LMTP: Removed "(Dovecot)" from added Received headers. Some installations want to hide it, and there's not really any good reason for anyone to have it. + Add ssl_alt_cert and ssl_alt_key settings to add support for having both RSA and ECDSA certificates. + dsync/imapc, pop3-migration plugin: Strip trailing whitespace from headers when matching mails. This helps with migrations from Zimbra. + acl: Add acl_globals_only setting to disable looking up per-mail...

...ase for the summer :) v2.2.32 is planned for the end of August. Hopefully soon afterwards we can get back to v2.3. * LMTP: Removed "(Dovecot)" from added Received headers. Some installations want to hide it, and there's not really any good reason for anyone to have it. + Add ssl_alt_cert and ssl_alt_key settings to add support for having both RSA and ECDSA certificates. + dsync/imapc, pop3-migration plugin: Strip trailing whitespace from headers when matching mails. This helps with migrations from Zimbra. + acl: Add acl_globals_only setting to disable looking up per-mail...

You should, in practice, enable both. This gives best client compability. It is possible you have clients that cannot understand ECC certificates? You can use ssl_alt_cert to provide RSA cert too. Aki > On 30 July 2018 at 20:05 David Mehler <dave.mehler at gmail.com> wrote: > > > Hi, > > Thanks, good news is that worked. Bad news is it all looks good which > means I do not know hwhy my remote clients can't get their email, > loo...

...> > Thanks. > Dave. > > > On 7/30/18, Aki Tuomi <aki.tuomi at dovecot.fi> wrote: >> You should, in practice, enable both. This gives best client compability. >> It >> is possible you have clients that cannot understand ECC certificates? You >> can use ssl_alt_cert to provide RSA cert too. >> >> Aki >> >>> On 30 July 2018 at 20:05 David Mehler <dave.mehler at gmail.com> wrote: >>> >>> >>> Hi, >>> >>> Thanks, good news is that worked. Bad news is it all looks good which >>>...