Displaying 20 results from an estimated 218 matches for "ssl_ca_file".

2017 May 31
2
Bug with 2.2.29-1~auto+25 back to haunt me
> On May 31, 2017 at 6:10 PM Ralf Hildebrandt <Ralf.Hildebrandt at charite.de> wrote: > > > * Ralf Hildebrandt <Ralf.Hildebrandt at charite.de>: > > > So I added > > ssl_ca_file = /etc/ssl/certs/ca-certificates.crt > > > > But alas: > > May 31 16:50:24 mproxy dovecot: config: Warning: Obsolete setting in /etc/dovecot/conf.d/10-ssl.conf:36: ssl_ca_file has been replaced by ssl_ca = <file > > > > Gnarf! As you can see I do HAVE ssl_ca in my...
2017 Jun 02
2
Bug with 2.2.29-1~auto+25 back to haunt me
> On June 1, 2017 at 1:42 PM Ralf Hildebrandt <Ralf.Hildebrandt at charite.de> wrote: > > > * Aki Tuomi <aki.tuomi at dovecot.fi>: > > > > > So I added > > > > ssl_ca_file = /etc/ssl/certs/ca-certificates.crt > > > > > > > > But alas: > > > > May 31 16:50:24 mproxy dovecot: config: Warning: Obsolete setting in /etc/dovecot/conf.d/10-ssl.conf:36: ssl_ca_file has been replaced by ssl_ca = <file > > > > > > >...
2004 Aug 24
0
Re: ssl_ca_file
> I am using 0.99.10.7-1 on Debian, and I'm having some trouble with SSL. I > purchased a certificate from Thawte and I can't figure out how to tell > dovecot about the CA cert. Adding ssl_ca_file to my configuration produces > "Unknown setting: ssl_ca_file" on dovecot startup. > > Postfix has a smtpd_tls_CAfile argument and that part is working fine. > > Is this a Debian-specific problem or is ssl_ca_file newer than 0.99.10.7? I guess ssl_ca_file is newer than 0.99....
2009 Nov 17
2
2.0.alpha3 ssl_ca_file is broken
In dovecot-2.0.alpha3, setting "ssl_ca_file = /path/to/file" in conf.d/ssl.conf does not work, because imap-login chroots before opening the ca_file. Perhaps this parameter could be replaced with "ssl_ca = </path/to/file" as was done with ssl_cert and ssl_key. Tue Nov 17 11:19:38 server dovecot[1143]: imap-login: Fatal: E...
2004 Aug 24
0
Unknown setting: ssl_ca_file
I am using 0.99.10.7-1 on Debian, and I'm having some trouble with SSL. I purchased a certificate from Thawte and I can't figure out how to tell dovecot about the CA cert. Adding ssl_ca_file to my configuration produces "Unknown setting: ssl_ca_file" on dovecot startup. Postfix has a smtpd_tls_CAfile argument and that part is working fine. Is this a Debian-specific problem or is ssl_ca_file newer than 0.99.10.7? -- Jacob Elder
2017 May 31
2
Bug with 2.2.29-1~auto+25 back to haunt me
After upgrading from 2.2.28-1~auto+45 to 2.2.29-1~auto+25 I'm getting this: May 31 16:44:31 mproxy dovecot: auth: Fatal: passdb imap: Cannot verify certificate without ssl_ca_dir or ssl_ca_file setting May 31 16:44:31 mproxy dovecot: master: Error: service(auth): command startup failed, throttling for 8 secs May 31 16:44:31 mproxy dovecot: imap-login: Disconnected: Auth process broken (disconnected before auth was ready, waited 2 secs): user=<>, rip=141.42.206.36, lip=141.42.206.11,...
2004 Nov 25
0
ssl_ca_file
I am very fond of Dovecot, but it would be nice to have a more useful SSL implementation. When do you think we'll see a non-beta version that supports ssl_ca_file? I am running 0.99.11-3 from Debian testing. -- Jacob Elder
2009 Mar 13
1
how to handle CA CRL updates with client certificate verification context ?
Hello, As far as I can read in the Dovecot SSL configuration wiki page, each CA cert must be followed by the related CA CRL in the client certificate verification context ("ssl_ca_file" setting). In my company we do have our own PKI and as soon as Client certificate is compromised we do revoke it and update the related CA's CRL. Does that mean that I have to issue a new "ssl_ca_file" file as soon as our issuing CA CRL is updated? If yes, does someone have an...
2017 Jun 01
0
Bug with 2.2.29-1~auto+25 back to haunt me
* Aki Tuomi <aki.tuomi at dovecot.fi>: > > > So I added > > > ssl_ca_file = /etc/ssl/certs/ca-certificates.crt > > > > > > But alas: > > > May 31 16:50:24 mproxy dovecot: config: Warning: Obsolete setting in /etc/dovecot/conf.d/10-ssl.conf:36: ssl_ca_file has been replaced by ssl_ca = <file > > > > > > Gnarf! As you can s...
2006 Jul 31
2
Dovecot and SSL certificates
...default): PLAIN(?,...): Client didn't present valid SSL certificate Are we doing something wrong, or is dovecot mixing up something while checking the certificates. Note that the certificates are all valid and have not expired. The <user cert> is signed by the <CA cert> and we set ssl_ca_file to the CA certificate PEM file. Ideally, we'd like to only accept login requests from users which have a valid certificate signed by our CA. Even better would be an approach such as the one taken by Postfix where you have to provide a list of valid MD5 hash sums for the users you'd like to...
2013 Dec 05
1
Syslog debug messages
...g_timestamp: %Y-%m-%d %H:%M:%S protocols: imap imaps managesieve pop3s listen(default): *:143,[::]:143 listen(imap): *:143,[::]:143 listen(pop3): * listen(managesieve): * ssl_listen(default): *:993,[::]:993 ssl_listen(imap): *:993,[::]:993 ssl_listen(pop3): *:2221,[::]:2221 ssl_listen(managesieve): ssl_ca_file(default): /etc/dovecot/ca.crt ssl_ca_file(imap): /etc/dovecot/ca.crt ssl_ca_file(pop3): /etc/dovecot/ca.crt ssl_ca_file(managesieve): ssl_cert_file(default): /etc/dovecot/ufsc.br.crt ssl_cert_file(imap): /etc/dovecot/ufsc.br.crt ssl_cert_file(pop3): /etc/dovecot/ufsc.br.crt ssl_cert_file(managesiev...
2017 Jun 02
0
Bug with 2.2.29-1~auto+25 back to haunt me
* Aki Tuomi <aki.tuomi at dovecot.fi>: > I meant > > passdb { > driver = imap > args = ... ssl_ca_file=/path/to/ca > } That doesn't work: passdb { driver = imap # Change the line below to reflect the IP address of your Exchange Server. args = host=exchange-imap.charite.de port=993 ssl=imaps ssl_ca=</etc/ssl/certs/ca-certificates.crt ... or args = host=exchange-imap.charite.de po...
2009 Jul 30
1
Dovecot with SSL Client Certification
...ficates and dovecot.crt to thunderbird authorities (i've tried claws mail too - same errors) My dovecot.conf is this: [root at myhome dovecot]# dovecot -n # 1.2.2: /usr/local/etc/dovecot.conf # OS: Linux 2.6.30-ARCH i686 ext4 info_log_path: /var/log/dovecot.log protocols: imaps ssl: required ssl_ca_file: /opt/certificates/dovecot/dovecot.crl ssl_cert_file: /opt/certificates/dovecot/dovecot.crt ssl_key_file: /opt/certificates/dovecot/dovecot.key ssl_cipher_list: ALL:!LOW:!SSLv2 ssl_verify_client_cert: yes verbose_ssl: yes login_dir: /usr/local/var/run/dovecot/login login_executable: /usr/local/libe...
2017 Jan 06
1
Auth-policy: auth_policy_server_url and https support
...trusted CAs (ssl_client_ca_* settings) and in version 2.3.devel Policy server HTTP error: 9002 Requested https connection, but no SSL settings given dovecot.conf does have "ssl_client_ca_dir = /etc/ssl/certs" set. Looking around the source, http-client-settings are not given the ssl_ca_dir or ssl_ca_file setting from the config. Admittedly SSL tear up/down is little expensive per auth, but I think it maybe it should still work?
2017 May 31
0
Bug with 2.2.29-1~auto+25 back to haunt me
* Ralf Hildebrandt <Ralf.Hildebrandt at charite.de>: > So I added > ssl_ca_file = /etc/ssl/certs/ca-certificates.crt > > But alas: > May 31 16:50:24 mproxy dovecot: config: Warning: Obsolete setting in /etc/dovecot/conf.d/10-ssl.conf:36: ssl_ca_file has been replaced by ssl_ca = <file > > Gnarf! As you can see I do HAVE ssl_ca in my doveconf -n output! >...
2008 Mar 07
1
Can't load private key file
...ilserver/mail.mydomain.tld.key: error:0906A068:PEM routines:PEM_do_header:bad password read My dovecot.conf has the following set. # Uncomment these if using SSL ssl_cert_file = /etc/ssl/mailserver/mail.mydomain.tld.crt ssl_key_file = /etc/ssl/mailserver/mail.mydomain.tld.key #ssl_key_password = #ssl_ca_file = /etc/ssl/mailserver/ca/mydomain.pem #ssl_verify_client_cert = yes ssl_parameters_regenerate = 168 verbose_ssl = no I have been playing about with it all for about 3 hours now and would greatly appreciate any help ;) Regards Adam ----------------------------------------------------------------...
2008 Jan 30
2
SSL certificate?
When I install an SSL certificate, I can't find a config option to set configure the Server Certificate Chain file... Is this not possible or can I do it another way? (When I connect, I am being told the Signature status is uncheckable...) Regards, BTJ -- ----------------------------------------------------------------------------------------------- Bjørn T Johansen btj at havleik.no
2007 Oct 26
1
SSL help needed - "no root certificate"
...ile, but the client (Mail.app) complains: Mail was unable to verify the identity of this server, which has a certificate issued to "imap.nccom.com". The error was: There is no root certificate for this server. So I tried downloading Go Daddy's root certificate and pointing ssl_ca_file to that file, but that didn't help. So I tried pointing ssl_ca_file to the intermediate certificate sent to me by Go Daddy, but that breaks things to the point where I never even get the above message; just nothing happens at all. I'm not sure what to try next and am happy to entertain an...
2007 Apr 03
2
No CA names sent in TLS handshake
Hello, I'm setting up Dovecot with client certificates and everything is working fine as long as the client only has one certificate in his store. If he has more than one, the wrong one might be sent to the server. The root of the problem is that Dovecot does not send out a list of valid CA names in the TLS handshake. If I connect using openssl s_client I get: "No client
2009 Nov 02
2
X.509 certificate based IMAP login
Hello list, The dovecot version is 1.2.6 running on Solaris x86 11 (nv-b91). The relevant configuration lines are: passdb ldap { # LDAP database (doc/wiki/AuthDatabase.LDAP.txt.) args = /pfx/etc/dovecot/dovecot-ldap.conf } The file dovecot-ldap.conf is correct and LDAP authentication is working well. We would like to make it possible for users with a X.509 client certificate to log in