Displaying 20 results from an estimated 35 matches for "ssl_client_ca_".
2017 Feb 03
3
Dovecot dsync 'ssl_client_ca'
...3600 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:4711
My error message from server1 (main server):
Feb 03 08:38:08 doveadm(user1 at domain.ltd): Error: sync: Couldn't initialize SSL context: Can't verify remote server certs without trusted CAs (ssl_client_ca_* settings)
Feb 03 08:42:35 doveadm(user2 at domain.ltd): Error: sync: Couldn't initialize SSL context: Can't verify remote server certs without trusted CAs (ssl_client_ca_* settings)
Feb 03 08:42:35 doveadm(user3 at domain.ltd): Error: sync: Couldn't initialize SSL context: Can't ve...
2017 Feb 03
4
Dovecot dsync 'ssl_client_ca'
Hi,
I have made change:
ssl_protocols = !SSLv2 !SSLv3
ssl = required
verbose_ssl = no
ssl_key = </etc/ssl/private/private.key
ssl_cert = </etc/ssl/certs/key.crt
ssl_client_ca_file = </etc/ssl/certs/GandiCA2.pem
# Create a listener for doveadm-server
service doveadm {
user = vmail
inet_listener {
port = 12345
ssl= yes
}
}
and doveadm_port = 12345 // mail_replica = tcps:server2.domain.ltd # use doveadm_port
And now:
Feb 03 14:11:16 doveadm(user1 a...
2017 Mar 23
2
Can't verify remote server certs without trusted CAs (ssl_client_ca_* settings)
...<r at sys4.de>:
> Mar 20 16:10:17 mproxy dovecot: master: Dovecot v2.2.devel (a39b5b2) starting up for imap
> Mar 20 16:10:26 mproxy dovecot: auth: Error: imapc(exchange-imap.charite.de:993): Couldn't initialize SSL context: Can't verify remote server certs without trusted CAs (ssl_client_ca_* settings)
> Mar 20 16:10:26 mproxy dovecot: auth: Error: imapc(exchange-imap.charite.de:993): No SSL context
> Mar 20 16:10:26 mproxy dovecot: auth: Error: imap(hildeb,141.42.206.36,<rPBW7SpLW7ONKs4k>): Disconnected from server
> Mar 20 16:10:26 mproxy dovecot: imap-login: Warning:...
2017 Mar 20
4
Can't verify remote server certs without trusted CAs (ssl_client_ca_* settings)
Hi!
I upgraded the 2.2 packages today (from 2:2.2.28-1~auto+5 to 2:2.2.28-1~auto+8) I now I'm getting an error:
Mar 20 13:25:58 mproxy dovecot: auth: Error: imapc(email.charite.de:993): Couldn't initialize SSL context: Can't verify remote server certs without trusted CAs (ssl_client_ca_* settings)
I checked, and alas, I had
ssl_client_ca_dir =
ssl_client_ca_file =
So I set:
ssl_client_ca_file = </etc/ssl/certs/ca-certificates.crt
But I'm still getting the error above.
I addition, dovecot is crashing with SIGSEGV:
Mar 20 13:28:23 mproxy dovecot: auth: Error: imapc(em...
2017 Mar 20
0
Can't verify remote server certs without trusted CAs (ssl_client_ca_* settings)
On 20.03.2017 16:40, Ralf Hildebrandt wrote:
> * Aki Tuomi <aki.tuomi at dovecot.fi>:
>>
>> On 20.03.2017 14:30, Ralf Hildebrandt wrote:
>>> ssl_client_ca_file = </etc/ssl/certs/ca-certificates.crt
>> Leave the < out. It is misleading, I know, but it does say file. =)
> Makes no difference:
>
> # doveconf |fgrep ssl_client_ca
> ssl_client_ca_dir =
> ssl_client_ca_file = /etc/ssl/certs/ca-certificates.crt
>
> and with...
2017 Mar 23
0
Can't verify remote server certs without trusted CAs (ssl_client_ca_* settings)
...4.de>:
>
>> Mar 20 16:10:17 mproxy dovecot: master: Dovecot v2.2.devel (a39b5b2) starting up for imap
>> Mar 20 16:10:26 mproxy dovecot: auth: Error: imapc(exchange-imap.charite.de:993): Couldn't initialize SSL context: Can't verify remote server certs without trusted CAs (ssl_client_ca_* settings)
>> Mar 20 16:10:26 mproxy dovecot: auth: Error: imapc(exchange-imap.charite.de:993): No SSL context
>> Mar 20 16:10:26 mproxy dovecot: auth: Error: imap(hildeb,141.42.206.36,<rPBW7SpLW7ONKs4k>): Disconnected from server
>> Mar 20 16:10:26 mproxy dovecot: imap-logi...
2017 Mar 20
2
Can't verify remote server certs without trusted CAs (ssl_client_ca_* settings)
* Aki Tuomi <aki.tuomi at dovecot.fi>:
>
>
> On 20.03.2017 14:30, Ralf Hildebrandt wrote:
> > ssl_client_ca_file = </etc/ssl/certs/ca-certificates.crt
>
> Leave the < out. It is misleading, I know, but it does say file. =)
Makes no difference:
# doveconf |fgrep ssl_client_ca
ssl_client_ca_dir =
ssl_client_ca_file = /etc/ssl/certs/ca-certificates.crt
and with auto8 I still get:
Mar 20 15:...
2017 Mar 20
0
Can't verify remote server certs without trusted CAs (ssl_client_ca_* settings)
...:
=============================
Mar 20 16:10:17 mproxy dovecot: master: Dovecot v2.2.devel (a39b5b2) starting up for imap
Mar 20 16:10:26 mproxy dovecot: auth: Error: imapc(exchange-imap.charite.de:993): Couldn't initialize SSL context: Can't verify remote server certs without trusted CAs (ssl_client_ca_* settings)
Mar 20 16:10:26 mproxy dovecot: auth: Error: imapc(exchange-imap.charite.de:993): No SSL context
Mar 20 16:10:26 mproxy dovecot: auth: Error: imap(hildeb,141.42.206.36,<rPBW7SpLW7ONKs4k>): Disconnected from server
Mar 20 16:10:26 mproxy dovecot: imap-login: Warning: Auth connection...
2017 Mar 20
0
Can't verify remote server certs without trusted CAs (ssl_client_ca_* settings)
* Ralf Hildebrandt <Ralf.Hildebrandt at charite.de>:
> Hi!
>
> I upgraded the 2.2 packages today (from 2:2.2.28-1~auto+5 to 2:2.2.28-1~auto+8) I now I'm getting an error:
I was able to determine the last working version: 2:2.2.28-1~auto+6
and the first "broken" version: 2:2.2.28-1~auto+7
--
Ralf Hildebrandt
Gesch?ftsbereich IT | Abteilung
2017 Mar 20
0
Can't verify remote server certs without trusted CAs (ssl_client_ca_* settings)
On 20.03.2017 14:30, Ralf Hildebrandt wrote:
> ssl_client_ca_file = </etc/ssl/certs/ca-certificates.crt
Leave the < out. It is misleading, I know, but it does say file. =)
Aki
2017 Feb 06
2
Dovecot dsync 'ssl_client_ca'
...Le vendredi 3 f?vrier 2017 ? 17:09:52, vous ?criviez :
> Please keep responses in list. rm -f
> /var/lib/dovecot/ssl-parameters.dat, i think it was in that dir.
> On 2017-02-03 17:00, Thierry wrote:
>> Hi,
>>
>> I have removed the '<' :
>>
>> ssl_client_ca_file = /etc/ssl/certs/GandiCA2.pem
>>
>> But now:
>>
>> doveadm: Error: Corrupted SSL parameters file in state_dir: ssl-parameters.dat - disabling SSL 360
>> doveadm: Error: Couldn't initialize SSL parameters, disabling SSL
>> doveadm: Error: Corrupted SSL par...
2017 Mar 20
2
Can't verify remote server certs without trusted CAs (ssl_client_ca_* settings)
...l_ca = </etc/ssl/certs/ca-certificates.crt
ssl_cert = </etc/dovecot/dovecot.pem
ssl_cipher_list = EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4
ssl_client_ca_file = /etc/ssl/certs/ca-certificates.crt
ssl_key = # hidden, use -P to show it
ssl_prefer_server_ciphers = yes
ssl_protocols = !SSLv2 !SSLv3
userdb {
driver = prefetch
}
verbose_proctitle = yes
Ralf Hildebrandt
Gesch?ftsbereich IT | Abteilung Netzwerk
Charit? - Universit?tsmedizin Berlin...
2017 Feb 03
0
Dovecot dsync 'ssl_client_ca'
...a).
>
> The ssl config on my both server:
>
> ssl_protocols = !SSLv2 !SSLv3
> ssl = required
> verbose_ssl = no
> ssl_key = </etc/ssl/private/private.key
> ssl_cert = </etc/ssl/certs/key.crt
> ssl_ca = </etc/ssl/certs/GandiStandardSSLCA2.pem
I think it should be ssl_client_ca_file =
</etc/ssl/certs/GandiStandardSSLCA2.pem for you.
>
> This config is working for my email client and my email web
> interface ...
>
> Are they on the right order ?
>
> mail_replica = tcps:server1 at domain.ltd and tcps:server2 at domain.ltd
>
> There...
2018 Jul 21
2
Dsync fails to connect to remote IMAP server
...sync=never -o imapc_password=PASSWORD -Dv backup -R -u USER
@DOMAIN <andrzej at datatel.net> imapc:
In the output logs I get messages like below:
dsync(USER at DOMAIN): Error: imapc(10.1.1.3:993): Couldn't initialize SSL
context: Can't verify remote server certs without trusted CAs
(ssl_client_ca_* settings)
dsync(USER at DOMAIN): Debug: imapc(10.1.1.3:993): Created new connection
dsync(USER at DOMAIN): Debug: imapc(10.1.1.3:993): Looking up IP address
(reconnect_ok=true, last_connect=1532016643)
dsync(USER at DOMAIN): Debug: imapc(10.1.1.3:993): Connecting to 10.1.1.3:993
dsync(USER at DOMA...
2017 Feb 03
0
Dovecot dsync 'ssl_client_ca'
Please keep responses in list. rm -f
/var/lib/dovecot/ssl-parameters.dat, i think it was in that dir.
On 2017-02-03 17:00, Thierry wrote:
> Hi,
>
> I have removed the '<' :
>
> ssl_client_ca_file = /etc/ssl/certs/GandiCA2.pem
>
> But now:
>
> doveadm: Error: Corrupted SSL parameters file in state_dir: ssl-parameters.dat - disabling SSL 360
> doveadm: Error: Couldn't initialize SSL parameters, disabling SSL
> doveadm: Error: Corrupted SSL parameters file in state_di...
2017 Feb 06
0
Dovecot dsync 'ssl_client_ca'
...2, vous ?criviez :
>
>> Please keep responses in list. rm -f
>> /var/lib/dovecot/ssl-parameters.dat, i think it was in that dir.
>
>> On 2017-02-03 17:00, Thierry wrote:
>>> Hi,
>>>
>>> I have removed the '<' :
>>>
>>> ssl_client_ca_file = /etc/ssl/certs/GandiCA2.pem
>>>
>>> But now:
>>>
>>> doveadm: Error: Corrupted SSL parameters file in state_dir: ssl-parameters.dat - disabling SSL 360
>>> doveadm: Error: Couldn't initialize SSL parameters, disabling SSL
>>> doveadm:...
2017 May 31
2
Bug with 2.2.29-1~auto+25 back to haunt me
...-n output!
> >
> > ssl_ca = </etc/ssl/certs/ca-certificates.crt
> >
> > So what gives?
>
> It seems to be similar to:
> https://www.dovecot.org/pipermail/dovecot/2017-March/107488.html
>
> "Can't verify remote server certs without trusted CAs (ssl_client_ca_* settings)"
>
> --
> Ralf Hildebrandt
> Gesch?ftsbereich IT | Abteilung Netzwerk
> Charit? - Universit?tsmedizin Berlin
> Campus Benjamin Franklin
> Hindenburgdamm 30 | D-12203 Berlin
> Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
> ralf.hildebrand...
2017 Feb 07
2
Dovecot dsync 'ssl_client_ca'
...Please keep responses in list. rm -f
>>> /var/lib/dovecot/ssl-parameters.dat, i think it was in that dir.
>>
>>> On 2017-02-03 17:00, Thierry wrote:
>>>> Hi,
>>>>
>>>> I have removed the '<' :
>>>>
>>>> ssl_client_ca_file = /etc/ssl/certs/GandiCA2.pem
>>>>
>>>> But now:
>>>>
>>>> doveadm: Error: Corrupted SSL parameters file in state_dir: ssl-parameters.dat - disabling SSL 360
>>>> doveadm: Error: Couldn't initialize SSL parameters, disabling SSL
&g...
2017 Jan 06
1
Auth-policy: auth_policy_server_url and https support
When using Auth policy server it doesn?t currently doesn?t support https.
In version 2.2.27:
Policy server HTTP error: 9002 Couldn't initialize SSL context: Can't verify remote server certs without trusted CAs (ssl_client_ca_* settings)
and in version 2.3.devel
Policy server HTTP error: 9002 Requested https connection, but no SSL settings given
dovecot.conf does have ?ssl_client_ca_dir = /etc/ssl/certs? set.
Looking around the source, http-client-settings are not given the ssl_ca_dir or ssl_ca_file setting from the...
2018 Jul 23
0
Dsync fails to connect to remote IMAP server
Hi!
You need to add a ssl_client_ca_* setting even if you don't want the
imapc to verify the remote cert. I'll have to look into why this has
been made a requirement in the code, since it has to do what with how we
do OpenSSL initialization.
Aki
On 21.07.2018 12:59, Andrzej Polaty?ski wrote:
> Hi,
>
> I'm trying...