search for: ssl_cert

...deb http://xi.rename-it.nl/debian/ stable-auto/dovecot-2.2 main I configured multiple SSL certificates with client TLS SNI (see http://wiki2.dovecot.org/SSL/DovecotConfiguration). Since my last update I get some warnings: doveconf: Warning: /etc/dovecot/conf.d/10-ssl.conf line 12: Global setting ssl_cert won't change the setting inside an earlier filter at /etc/dovecot/conf.d/10-ssl-langzeittest.de.conf line 4 doveconf: Warning: /etc/dovecot/conf.d/10-ssl.conf line 13: Global setting ssl_key won't change the setting inside an earlier filter at /etc/dovecot/conf.d/10-ssl-langzeittest.de.conf...

After upgrading to 2.31 I'm getting this error. Not sure what I'm doing wrong. No (No signatures could be verified because the chain contains only one certificate and it is not self signed.) ssl = yes ssl_cert = </etc/exim/certs/ctyme.com.crt ssl_key = </etc/exim/certs/ctyme.com.key ssl_ca = </etc/exim/certs/ca.crt local mail.ctyme.com { ? protocol imap { ??? ssl_cert = </etc/exim/certs/ctyme.com.crt ??? ssl_key = </etc/exim/certs/ctyme.com.key ??? ssl_ca = </etc/exim/certs/ca.crt...

I'm bringing up a new email server starting without TLS initially. In 10-ssl.conf I set ssl = no, but the default ssl_cert and ssl_key lines are not commented out. I got the obvious error message: ------------------------------ doveconf: Fatal: Error in configuration file /usr/local/etc/dovecot/conf.d/10-ssl.conf line 12: ssl_cert: Can't open file /etc/ssl/certs/dovecot.pem: No such file or directory /usr/local/etc...

hello trying to install dovecot 2 on a fresh installed machine I get this error message : doveconf -n > dovecot-new.conf doveconf: Error: ssl enabled, but ssl_cert not set doveconf: Fatal: Error in configuration file /usr/local/etc/dovecot/dovecot.conf: ssl enabled, but ssl_cert not set the ssl config file look like the following : Thanks for any info. ## ## SSL settings ## # SSL/TLS support: yes, no, required. <doc/wiki/SSL.txt> ssl = yes # PEM en...

...le not normally a problem if your setup for SSL with valid key/certs, if you have a self signed or no CERT at all, it starts connection warnings and errors on the client side. So is there any way possible to turn off advertising of TLS on port or turn it off/on per IP? Something like: ssl = yes ssl_cert = </etc/ssl/cert/default.pem ssl_key = </etc/ssl/cert/default.pem local 10.1.1.1 { protocol imap { ssl_cert = </etc/ssl/cert/site1.pem ssl_key = </etc/ssl/cert/site1.pem } protocol pop3 { ssl_cert = </etc/ssl/cert/site1.pem ssl_key = </etc/ssl/cert/...

...client -servername mail.xxxxx.com -connect x.x.x.x:pop3s gives a 'Verify return code: 0 (ok)' I can't imagine this sni support is not available in recent versions. Should I remove this default certificate in the main section of 10-ssl.conf? These lines I have added to 10-ssl.conf ssl_cert = </etc/pki/tls/certs/mail-wildcard.crt ssl_key = </etc/pki/tls/private/mail-wildcard.key local 192.168.10.43 { ssl_key = </etc/pki/tls/private/xxxxxxx.local.key ssl_cert = </etc/pki/tls/certs/xxxxxxx.local.crt } local_name mail.xxxxx.com { ssl_key = </etc/pki/tls/private/ma...

Hello, It seems that Dovecot ignores the new /ssl_cert and ssl_key /settings. Using them in the dovecot configuration results in the error: Fatal: Couldn't parse private ssl_key: error:0906D06C:PEM routines:PEM_read_bio:no start line: Expecting: ANY PRIVATE KEY] Using the old /ssl_//cert//_file/ and /ssl_key_file/ results in their being obsolet...

Dovecot 2.3.3 (dcead646b) openSUSE Leap 15.0 I am getting a weird error message: Fatal: Error in configuration file /etc/dovecot/local.conf line 16: ssl_cert: Can't open file /etc/foobar/ssl/certbot.pem: Permission denied I have tried the following: - chmod -R 655 /etc/foobar/ssl (/etc/foobar is 755) - create "ssl_users" group add dovecot to it chown -R dovecot:ssl_users /etc/foobar/ssl How can I fix this ? There's no obvious soluti...

...min_avail = 16 } service pop3 { executable = /usr/local/dovecot2/libexec/dovecot/pop3 process_limit = 250000 } service replicator { unix_listener replicator-doveadm { mode = 0600 user = popuser } } service stats { fifo_listener stats-mail { mode = 0600 user = popuser } } ssl_cert = </usr/local/dovecot2/etc/dovecot/certs/cert1.crt ssl_key = </usr/local/dovecot2/etc/dovecot/certs/cert1.key ssl_protocols = TLSv1.2 TLSv1.1 TLSv1 !SSLv3 !SSLv2 userdb { args = /usr/local/dovecot2/etc/dovecot/dovecot-ldap.conf driver = ldap } verbose_proctitle = yes protocol doveadm {...

...preventing" /var/log/messages grep "denied" /var/log/audit/audit.log ausearch -m avc shows no deniead messages > >> ### This works (Thunderbird, Outlook 2013, Opera Mail ect.) #### >> >> local mydomain01.tld { >> >> protocol imap { >> ssl_cert = >> </etc/ssl/domains/mydomain.tld/imap/imap.mydomain02.tld.crt.pem >> ssl_key = >> </etc/ssl/domains/mydomain.tld/imap/imap.mydomain02.tld.key.pem >> } >> >> } >> Sorry the above has some typo errors, forget it. Ok, this works well: Conf...

Hello, If you don?t have a ssl_key and ssl_cert configured in your dovecot config managesieve-login will fail to start with the following error message: dovecot: managesieve-login: Fatal: Couldn't parse private ssl_key: error:0906D06C:PEM routines:PEM_read_bio:no start line: Expecting: ANY PRIVATE KEY, even if you haven?t enabled ssl for ma...

...tmaster at OTHER-NAME.TLD >> | dovecot: doveadm(test): Error: SERVER-A.TLD: Received invalid SSL certificate >> | dovecot: doveadm(test): Error: sync: Disconnected from remote >> >> The OTHER-NAME.TLD is served by my additional settings used by my MUAs: >> >> | ssl_cert = </<path-to>/ssl/certs/OTHER-NAME.TLD.pem >> | ssl_key = </<path-to>/ssl/private/OTHER-NAME.TLD.pem >> >> I did supply SERVER-A.TLD certs and private certificates at both servers as well, but dovecot seems to use those of OTHER-NAME.TLD for replicator/dsync ins...

..._64 x86_64 Red Hat Enterprise Linux Server release 7.5 (Maipo)? ... service imap-login { ? inet_listener imap { ????address = 127.0.0.1 ????port = 143 ? } ? inet_listener imaps { ????port = 993 ????ssl = yes ? } ? process_min_avail = 8 ? service_count = 0 } ... ssl = required # set default cert ssl_cert = </etc/pki/dovecot/certs/mail_new_domain-chained.cert ssl_cipher_list = DHE-RSA-AES256-SHA:DHE-RSA-AES128- SHA:ALL:!LOW:!SSLv2:!EXP:!aNULL:!MD5:!RC4:!DES:!3DES:!TLSv1 ssl_key = </etc/pki/dovecot/private/mail_new_domain.key ssl_protocols = !SSLv2 !SSLv3 ... # set alternativ cert for old do...

...ion.smith at gmx.net wrote: > > ### CORRECTION > Am 15.08.2015 um 03:22 schrieb dravion.smith at gmx.net: >> >> #### BUT #### >> If i try something like this in /etc/dovecot/conf.d/10-ssl.conf >> >> local imap.mydomain01.tld { >> protocol imap { >> ssl_cert = >> </etc/ssl/domains/mydomain01.tld/imap/imap.mydomain01.tld.crt.pem >> ssl_key = >> </etc/ssl/domains/mydomain01.tld/imap/imap.mydomain01.tld.key.pem >> } >> } >> >> local imap.mydomain02.tld { >> protocol imap { >> ssl_cert = >&...

Hi all, I'm testing the SNI configuration from dovecot's wiki page, to have multiple domains. I'm using letsencrypt certificates. On the 10-ssl.conf, when I only use one domain, like this, it works : ssl_ca = </etc/letsencrypt/live/mail.mydomain.fr/chain.pem ssl_cert = </etc/letsencrypt/live/mail.mydomain.fr/cert.pem ssl_key = </etc/letsencrypt/live/mail.mydomain.fr/privkey.pem I got a warning of course when using my second domain, mydomain2.fr. If I do the config : local_name mail.mydomain.fr { ssl_ca = </etc/letsencrypt/live/mail.mydomain.fr/chain...

...mains. I have setup the dovecot with the instructions from http://wiki2.dovecot.org/SSL/DovecotConfiguration Each domain has it's own ip address. However, when I connect via Thunderbird or any other mail clients, the client is ONLY picking up the top-level "default" ssl_key and ssl_cert and the certificat in /etc/ssl/dovecot.pem Is this a bug? This is on Debian Wheezy. Any help pointing in the right direction would be appreciated thanks. Here is the ssl section: ----------- ssl_cert = </etc/ssl/dovecot.pem ssl_key = </etc/ssl/dovecot.pem local 192.0.2.10 { # instead of...

...vice_count = 0 } service pop3 { executable = /usr/local/dovecot2/libexec/dovecot/pop3 process_limit = 250000 } service replicator { unix_listener replicator-doveadm { mode = 0600 user = popuser } } service stats { fifo_listener stats-mail { mode = 0600 user = popuser } } ssl_cert = </usr/local/dovecot2/etc/dovecot/certs/cert1.crt ssl_key = </usr/local/dovecot2/etc/dovecot/certs/cert1.key ssl_protocols = TLSv1.2 TLSv1.1 TLSv1 !SSLv3 !SSLv2 userdb { args = /usr/local/dovecot2/etc/dovecot/dovecot-ldap.conf driver = ldap } verbose_proctitle = yes protocol doveadm {...

...ia dovecot <dovecot at dovecot.org> wrote: > On 10.4.2019 12.36, Laura Smith via dovecot wrote: > > > Dovecot 2.3.3 (dcead646b) > > openSUSE Leap 15.0 > > I am getting a weird error message: > > Fatal: Error in configuration file /etc/dovecot/local.conf line 16: ssl_cert: Can't open file /etc/foobar/ssl/certbot.pem: Permission denied > > I have tried the following: > > > > - chmod -R 655 /etc/foobar/ssl (/etc/foobar is 755) > > - create "ssl_users" group add dovecot to it chown -R dovecot:ssl_users /etc/foobar/ssl > >...

...eplication-notify-fifo { mode = 0666 } unix_listener replication-notify { mode = 0666 } } service doveadm { inet_listener { port = 12333 ssl = yes } } service replicator { process_min_avail = 1 unix_listener replicator-doveadm { mode = 0666 } } ssl_cert = </etc/dovecot/ssl_chain.pem ssl_cipher_list = ECDHE-RSA-AES256-SHA384:AES256-SHA256:AES256-SHA256:HIGH:MEDIUM:+TLSv1:+TLSv 1.1:+TLSv1.2:!RC4:!IDEA:!3DES:!MD5:!ADH:!aNULL:!eNULL:!NULL:!DH:!ADH:!EDH:!A ESGCM:!CAMELLIA:!SEED ssl_client_ca_file = /etc/pki/tls/cert.pem ssl_dh = # hidden, use -P...