Displaying 20 results from an estimated 218 matches for "ssl_ca_fil".
Did you mean:
ssl_ca_file
2017 May 31
2
Bug with 2.2.29-1~auto+25 back to haunt me
> On May 31, 2017 at 6:10 PM Ralf Hildebrandt <Ralf.Hildebrandt at charite.de> wrote:
>
>
> * Ralf Hildebrandt <Ralf.Hildebrandt at charite.de>:
>
> > So I added
> > ssl_ca_file = /etc/ssl/certs/ca-certificates.crt
> >
> > But alas:
> > May 31 16:50:24 mproxy dovecot: config: Warning: Obsolete setting in /etc/dovecot/conf.d/10-ssl.conf:36: ssl_ca_file has been replaced by ssl_ca = <file
> >
> > Gnarf! As you can see I do HAVE ssl_ca in m...
2017 Jun 02
2
Bug with 2.2.29-1~auto+25 back to haunt me
> On June 1, 2017 at 1:42 PM Ralf Hildebrandt <Ralf.Hildebrandt at charite.de> wrote:
>
>
> * Aki Tuomi <aki.tuomi at dovecot.fi>:
>
> > > > So I added
> > > > ssl_ca_file = /etc/ssl/certs/ca-certificates.crt
> > > >
> > > > But alas:
> > > > May 31 16:50:24 mproxy dovecot: config: Warning: Obsolete setting in /etc/dovecot/conf.d/10-ssl.conf:36: ssl_ca_file has been replaced by ssl_ca = <file
> > > >
> > >...
2004 Aug 24
0
Re: ssl_ca_file
> I am using 0.99.10.7-1 on Debian, and I'm having some trouble with SSL. I
> purchased a certificate from Thawte and I can't figure out how to tell
> dovecot about the CA cert. Adding ssl_ca_file to my configuration produces
> "Unknown setting: ssl_ca_file" on dovecot startup.
>
> Postfix has a smtpd_tls_CAfile argument and that part is working fine.
>
> Is this a Debian-specific problem or is ssl_ca_file newer than 0.99.10.7?
I guess ssl_ca_file is newer than 0.99...
2009 Nov 17
2
2.0.alpha3 ssl_ca_file is broken
In dovecot-2.0.alpha3, setting "ssl_ca_file = /path/to/file" in conf.d/ssl.conf does not work, because imap-login chroots before opening the ca_file. Perhaps this parameter could be replaced with "ssl_ca = </path/to/file" as was done with ssl_cert and ssl_key.
Tue Nov 17 11:19:38 server dovecot[1143]: imap-login: Fatal:...
2004 Aug 24
0
Unknown setting: ssl_ca_file
I am using 0.99.10.7-1 on Debian, and I'm having some trouble with SSL. I
purchased a certificate from Thawte and I can't figure out how to tell
dovecot about the CA cert. Adding ssl_ca_file to my configuration produces
"Unknown setting: ssl_ca_file" on dovecot startup.
Postfix has a smtpd_tls_CAfile argument and that part is working fine.
Is this a Debian-specific problem or is ssl_ca_file newer than 0.99.10.7?
--
Jacob Elder
2017 May 31
2
Bug with 2.2.29-1~auto+25 back to haunt me
After upgrading from 2.2.28-1~auto+45 to 2.2.29-1~auto+25 I'm gettings
this:
May 31 16:44:31 mproxy dovecot: auth: Fatal: passdb imap: Cannot verify certificate without ssl_ca_dir or ssl_ca_file setting
May 31 16:44:31 mproxy dovecot: master: Error: service(auth): command startup failed, throttling for 8 secs
May 31 16:44:31 mproxy dovecot: imap-login: Disconnected: Auth process broken (disconnected before auth was ready, waited 2 secs): user=<>, rip=141.42.206.36, lip=141.42.206.11...
2004 Nov 25
0
ssl_ca_file
I am very fond of Dovecot, but it would be nice to have a more useful
SSL implementation. When do you think we'll see a non-beta version that
supports ssl_ca_file? I am running 0.99.11-3 from Debian testing.
--
Jacob Elder
2009 Mar 13
1
how to handle CA CRL updates with client certificate verification context ?
Hello,
As far as I can read in the Dovecot SSL configuration wiki page, each CA
cert must be followed by the related CA CRL in the client certificate
verification context ("ssl_ca_file" setting). In my company we do have
our own PKI and as soon as Client certificate is compromised we do
revoke it and update the related CA's CRL.
Does that mean that I have to issue a new "ssl_ca_file" file as soon as
our issuing CA CRL is updated ? If yes, does someone has a...
2017 Jun 01
0
Bug with 2.2.29-1~auto+25 back to haunt me
* Aki Tuomi <aki.tuomi at dovecot.fi>:
> > > So I added
> > > ssl_ca_file = /etc/ssl/certs/ca-certificates.crt
> > >
> > > But alas:
> > > May 31 16:50:24 mproxy dovecot: config: Warning: Obsolete setting in /etc/dovecot/conf.d/10-ssl.conf:36: ssl_ca_file has been replaced by ssl_ca = <file
> > >
> > > Gnarf! As you can...
2006 Jul 31
2
Dovecot and SSL certificates
...default): PLAIN(?,...): Client didn't present
valid SSL certificate
Are we doing something wrong, or is dovecot mixing up something
while checking the certificates.
Note that the certificates are all valid and have not expired.
The <user cert> is signed by the <CA cert> and we set
ssl_ca_file to the CA certificate PEM file.
Ideally, we'd like to only accept login requests from users which
have a valid certificate signed by our CA. Even better would be
an approach such as the one taken by Postfix where you have
to provide a list of valid MD5 hash sums for the users you'd
like t...
2013 Dec 05
1
Syslog debug messages
...g_timestamp: %Y-%m-%d %H:%M:%S
protocols: imap imaps managesieve pop3s
listen(default): *:143,[::]:143
listen(imap): *:143,[::]:143
listen(pop3): *
listen(managesieve): *
ssl_listen(default): *:993,[::]:993
ssl_listen(imap): *:993,[::]:993
ssl_listen(pop3): *:2221,[::]:2221
ssl_listen(managesieve):
ssl_ca_file(default): /etc/dovecot/ca.crt
ssl_ca_file(imap): /etc/dovecot/ca.crt
ssl_ca_file(pop3): /etc/dovecot/ca.crt
ssl_ca_file(managesieve):
ssl_cert_file(default): /etc/dovecot/ufsc.br.crt
ssl_cert_file(imap): /etc/dovecot/ufsc.br.crt
ssl_cert_file(pop3): /etc/dovecot/ufsc.br.crt
ssl_cert_file(managesie...
2017 Jun 02
0
Bug with 2.2.29-1~auto+25 back to haunt me
* Aki Tuomi <aki.tuomi at dovecot.fi>:
> I meant
>
> passdb {
> driver = imap
> args = ... ssl_ca_file=/path/to/ca
> }
That doesn't work:
passdb {
driver = imap
# Change the line below to reflect the IP address of your Exchange Server.
args = host=exchange-imap.charite.de port=993 ssl=imaps ssl_ca=</etc/ssl/certs/ca-certificates.crt
...
or
args = host=exchange-imap.charite.de p...
2009 Jul 30
1
Dovecot with SSL Client Certification
...ficates and
dovecot.crt to thunderbird authorities
(i've tried claws mail too - same errors)
My dovecot.conf is this:
[root at myhome dovecot]# dovecot -n
# 1.2.2: /usr/local/etc/dovecot.conf
# OS: Linux 2.6.30-ARCH i686 ext4
info_log_path: /var/log/dovecot.log
protocols: imaps
ssl: required
ssl_ca_file: /opt/certificates/dovecot/dovecot.crl
ssl_cert_file: /opt/certificates/dovecot/dovecot.crt
ssl_key_file: /opt/certificates/dovecot/dovecot.key
ssl_cipher_list: ALL:!LOW:!SSLv2
ssl_verify_client_cert: yes
verbose_ssl: yes
login_dir: /usr/local/var/run/dovecot/login
login_executable: /usr/local/lib...
2017 Jan 06
1
Auth-policy: auth_policy_server_url and https support
...trusted CAs (ssl_client_ca_* settings)
and in version 2.3.devel
Policy server HTTP error: 9002 Requested https connection, but no SSL settings given
dovecot.conf does have ?ssl_client_ca_dir = /etc/ssl/certs? set.
Looking around the source, http-client-settings are not given the ssl_ca_dir or ssl_ca_file setting from the config.
Admittedly SSL tear up/down is little expensive per auth, but I think it maybe it should still work?
2017 May 31
0
Bug with 2.2.29-1~auto+25 back to haunt me
* Ralf Hildebrandt <Ralf.Hildebrandt at charite.de>:
> So I added
> ssl_ca_file = /etc/ssl/certs/ca-certificates.crt
>
> But alas:
> May 31 16:50:24 mproxy dovecot: config: Warning: Obsolete setting in /etc/dovecot/conf.d/10-ssl.conf:36: ssl_ca_file has been replaced by ssl_ca = <file
>
> Gnarf! As you can see I do HAVE ssl_ca in my doveconf -n output!
>...
2008 Mar 07
1
Can't load private key file
...ilserver/mail.mydomain.tld.key: error:0906A068:PEM
routines:PEM_do_header:bad password read
My dovecot.conf has the following set.
# Uncomment these if using SSL
ssl_cert_file = /etc/ssl/mailserver/mail.mydomain.tld.crt
ssl_key_file = /etc/ssl/mailserver/mail.mydomain.tld.key
#ssl_key_password =
#ssl_ca_file = /etc/ssl/mailserver/ca/mydomain.pem
#ssl_verify_client_cert = yes
ssl_parameters_regenerate = 168
verbose_ssl = no
I have been playing about with it all for about 3 hours now and would
greatly appreciate any help ;)
Regards
Adam
---------------------------------------------------------------...
2008 Jan 30
2
SSL certificate?
When I install an SSL certificate, I can't find a config option to set configure the Server Certificate Chain
file...
Is this not possible or can I do it another way?
(When I connect, I am being told the Signature status is uncheckable...)
Regards,
BTJ
--
-----------------------------------------------------------------------------------------------
Bj?rn T Johansen
btj at havleik.no
2007 Oct 26
1
SSL help needed - "no root certificate"
...ile, but the client
(Mail.app) complains:
Mail was unable to verify the identity of this server, which has a
certificate issued to "imap.nccom.com". The error was:
There is no root certificate for this server.
So I tried downloading Go Daddy's root certificate and pointing
ssl_ca_file to that file, but that didn't help.
So I tried pointing ssl_ca_file to the intermediate certificate sent to
me by Go Daddy, but that breaks things to the point where I never even
get the above message; just nothing happens at all.
I'm not sure what to try next and am happy to entertain a...
2007 Apr 03
2
No CA names sent in TLS handshake
Hello,
I'm setting up Dovecot with client certificates and everything is
working fine as long as the client only has one certificate in his
store. If he has more than one, the wrong one might be sent to the server.
The root of the problem is that Dovecot does not send out a list of
valid CA names in the TLS handshake.
If I connect using openssl s_client I get:
"No client
2009 Nov 02
2
X.509 certificate based IMAP login
Hello list,
The dovecot version is 1.2.6 running on Solaris x86 11 (nv-b91).
The relevant configuration lines are:
passdb ldap { # LDAP database (doc/wiki/AuthDatabase.LDAP.txt.)
args = /pfx/etc/dovecot/dovecot-ldap.conf
}
The file dovecot-ldap.conf is correct and LDAP authentication is
working well.
We would like to make it possible for users with a X.509 client
certificate to log in