Displaying 4 results from an estimated 4 matches for "ssl_cert_chain".
2018 May 28
2
SSL error after upgrading to 2.31
...ml>).
>
> And from an admin POV, it makes a lot of sense to keep the
> intermediate cert chain separate from the server cert.
>
> Cheerio,
> hauke
>
I'm sure. But putting it as ssl_ca makes no sense, since it becomes
confused what it is for.
We can try restoring this as ssl_cert_chain setting in future release.
Aki
2018 May 28
0
SSL error after upgrading to 2.31
...n Mon, 28 May 2018 13:52:01 +0300, Aki Tuomi wrote:
> I'm sure. But putting it as ssl_ca makes no sense, since it becomes
> confused what it is for.
I guess - I haven't had a need for client certs, and only ever used
ssl_ca for the server ca chain.
> We can try restoring this as ssl_cert_chain setting in future release.
Sounds good. How about (re)naming them ssl-{client,server}_ca?
Cheerio,
Hauke
--
The ASCII Ribbon Campaign Hauke Fath
() No HTML/RTF in email Institut für Nachrichtentechnik
/\ No Word docs in email TU Dar...
2018 May 28
2
SSL error after upgrading to 2.31
On 28.05.2018 12:06, Hauke Fath wrote:
> On 05/21/18 17:55, Aki Tuomi wrote:
>> ssl_ca is used only for validating client certificates.
>
> But it was used (though not documented, IIRC) for validating server
> certs, too. Since intermediate CA certs are usually valid a lot longer
> than the server certs, having to concat the certs is awkward, at best.
>
> I would very
2018 May 28
3
SSL error after upgrading to 2.31
...01 +0300, Aki Tuomi wrote:
>> I'm sure. But putting it as ssl_ca makes no sense, since it becomes
>> confused what it is for.
> I guess - I haven't had a need for client certs, and only ever used
> ssl_ca for the server ca chain.
>
>> We can try restoring this as ssl_cert_chain setting in future release.
> Sounds good. How about (re)naming them ssl-{client,server}_ca?
>
> Cheerio,
> Hauke
>
There is already ssl_client_ca, for verifying clients. ssl_ca verifies
certs when dovecot is connecting somewhere.
Aki