search for: ssl_client_ca_dir

.../2017 om 12:01 PM schreef Stephan Bosch: >>>>> Op 1/22/2017 om 10:01 AM schreef Jan Vonde: >>>>>> I tried adding the following settings but that didn't help: >>>>>> ssl_ca = < /etc/ssl/certs/ca-certificates.crt >>>>>> ssl_client_ca_dir = /etc/ssl/certs >>>>>> >>>>>> Can you give me a hint how I can get the ssl certificate accepted? >>>>> That should normally have done the trick. However, the sources tell me >>>>> that no ssl_client settings are propagated to the ht...

.... My issue comes when I try to create a hashed of my passwords. I have tried entering the command, "doveadm pw -s SSHA512". When I do this, I get the error message, "doveconf: Fatal: Error in configuration file /etc/dovecot/conf.d/99-mail-stack-delivery.conf line 6: Unknown setting: ssl_client_ca_dir". I have tried running that command with sudo and as root, but I still get the exact same error message. I had configured /etc/dovecot/conf.d/99-mail-stack-delivery.conf earlier on, and line 6 of that document says, "ssl_client_ca_dir = /etc/ssl/certs" which is exactly what the ars...

On Mon, 21 Sep 2015, Andrew McN wrote: >> http://wiki2.dovecot.org/Replication >> >> (quote) >> The client must be able to verify that the SSL certificate is valid, so >> you need to specify the directory containing valid SSL CA roots: >> >> ssl_client_ca_dir = /etc/ssl/certs # Debian/Ubuntu >> ssl_client_ca_file = /etc/pki/tls/cert.pem # RedHat >> (end quote) >> > > Suggesting that on Redhat you should specify "the directory containing > valid SSL CA roots" by setting ssl_client_ca_file sounds kinda crazy. > Soun...

...eb Stephan Bosch: >> Op 1/22/2017 om 12:01 PM schreef Stephan Bosch: >>> Op 1/22/2017 om 10:01 AM schreef Jan Vonde: >>>> I tried adding the following settings but that didn't help: >>>> ssl_ca = < /etc/ssl/certs/ca-certificates.crt >>>> ssl_client_ca_dir = /etc/ssl/certs >>>> >>>> Can you give me a hint how I can get the ssl certificate accepted? >>> That should normally have done the trick. However, the sources tell me >>> that no ssl_client settings are propagated to the http_client used by >>> f...

...an example of ssl_client_ca_file is on this page, and there's no "<" in front of the file path: http://wiki2.dovecot.org/Replication (quote) The client must be able to verify that the SSL certificate is valid, so you need to specify the directory containing valid SSL CA roots: ssl_client_ca_dir = /etc/ssl/certs # Debian/Ubuntu ssl_client_ca_file = /etc/pki/tls/cert.pem # RedHat (end quote) On Mon, 21 Sep 2015, Christian Kivalo wrote: > Hi > >> I've pointed ssl_client_ca_file to my root certificate store, but I >> suspect ssl_client_ca_file is only used in imapc c...

...e? > > name = </path/file works for all settings. Thanks, applied and working. >> Now, I did try to add ssl by activating "ssl = yes" in 'service doveadm' (see above) and adding ... >> >> | # used by replicator/dsync over tcp >> | # >> | ssl_client_ca_dir = /<path-to>/ssl/certs >> >> ... and ... >> >> | mail_replica = tcps:SERVER-A.TLD >> >> But, this didn't work (logfile at remote server): >> >> | dovecot: doveadm(test): Invalid certificate: self signed certificate: /OU=dovecot server/CN...

You know that imapc != imap proxy. imapc is a thin client, which is a "mail storage provider" like maildir. imap proxy is when you proxy the connection somewhere. this is done with proxy_ settings in passdb. You need to specify ssl_client_ca_dir = /etc/ssl/certs to get cert verification working with imapc. it's required. Aki > On 27/10/2020 10:54 David Tildesley <davotnz at yahoo.co.nz> wrote: > > > I have solved the port problem by specifying it in the passdb section as userdb_imapc_port=993 > > But: >...

Op 1/22/2017 om 12:01 PM schreef Stephan Bosch: > Op 1/22/2017 om 10:01 AM schreef Jan Vonde: >> I tried adding the following settings but that didn't help: >> ssl_ca = < /etc/ssl/certs/ca-certificates.crt >> ssl_client_ca_dir = /etc/ssl/certs >> >> Can you give me a hint how I can get the ssl certificate accepted? > That should normally have done the trick. However, the sources tell me > that no ssl_client settings are propagated to the http_client used by > fts-solr, so SSL is not currently support...

...xample.org.crt ssl_cipher_list = ALL:!LOW:!SSLv2:ALL:!aNULL:!ADH:!eNULL:!EXP:RC4+RSA:+HIGH:+MEDIUM ssl_key = </etc/ssl/private/mail.example.org.key ssl_protocols = !SSLv2 !SSLv3 I tried adding the following settings but that didn't help: ssl_ca = < /etc/ssl/certs/ca-certificates.crt ssl_client_ca_dir = /etc/ssl/certs Can you give me a hint how I can get the ssl certificate accepted? Thanks in advance and have a nice day, Jan :-)

...> > > You know that imapc != imap proxy. > > imapc is a thin client, which is a "mail storage provider" like maildir. > > imap proxy is when you proxy the connection somewhere. this is done with proxy_ settings in passdb. > > You need to specify > > ssl_client_ca_dir = /etc/ssl/certs > > to get cert verification working with imapc. it's required. > > Aki > > > > On 27/10/2020 10:54 David Tildesley <davotnz at yahoo.co.nz> wrote: > > > > > > I have solved the port problem by specifying it in the passdb se...

...ilbox name: doveadm -o imapc_user=ag at example.org \ -o imapc_password=XXX \ -o imapc_host=old-mailserver.webflow.de \ -o imapc_port=993 \ -o imapc_ssl=imaps \ -o imapc_ssl_verify=no \ -o imapc_features=rfc822.size,fetch-headers \ -o ssl_client_ca_dir=/etc/ssl \ backup -R -f -x ~* -u migration-ag at example.org imapc: dsync(migration-ag at example.org): Info: imapc(old-mailserver.webflow.de:993): Connected to 1.1.1.1:993 (local 2.2.2.2:46154) dsync(migration-ag at example.org): Error: Failed to access mailbox Entw?rfe: mailbox does...

...> ? mailbox "Sent Messages" { > ??? special_use = \Sent > ? } > ? mailbox Trash { > ??? special_use = \Trash > ? } > ? prefix = > } > passdb { > ? driver = pam > } > protocols = " imap" > ssl_cert = </etc/dovecot/private/dovecot.pem > ssl_client_ca_dir = /etc/ssl/certs > ssl_key =? # hidden, use -P to show it > userdb { > ? driver = passwd > } > -- Regards, Edwin Humphries -------------- next part -------------- An HTML attachment was scrubbed... URL: <https://dovecot.org/pipermail/dovecot/attachments/20190815/aaea50a5/attac...

Hi, I'm trying to configure a Dovecot dsync service between two servers, using a tcp+ssl connection and a valid Let's Encrypt certificate. I followed the guide on the wiki (http://wiki.dovecot.org/Replication) using the tcps method, but when I launch the replication it fails writing on the log (/var/log/mail.err): (Server 1 - sync "client" )| Error: sync: Disconnected from

...15, Andrew McN wrote: > >>> http://wiki2.dovecot.org/Replication >>> >>> (quote) >>> The client must be able to verify that the SSL certificate is valid, so >>> you need to specify the directory containing valid SSL CA roots: >>> >>> ssl_client_ca_dir = /etc/ssl/certs # Debian/Ubuntu >>> ssl_client_ca_file = /etc/pki/tls/cert.pem # RedHat >>> (end quote) >>> >> >> Suggesting that on Redhat you should specify "the directory containing >> valid SSL CA roots" by setting ssl_client_ca_file sound...

...2.2.27: Policy server HTTP error: 9002 Couldn't initialize SSL context: Can't verify remote server certs without trusted CAs (ssl_client_ca_* settings) and in version 2.3.devel Policy server HTTP error: 9002 Requested https connection, but no SSL settings given dovecot.conf does have ?ssl_client_ca_dir = /etc/ssl/certs? set. Looking around the source, http-client-settings are not given the ssl_ca_dir or ssl_ca_file setting from the config. Admittedly SSL tear up/down is little expensive per auth, but I think it maybe it should still work?

...t;>> Op 1/22/2017 om 12:01 PM schreef Stephan Bosch: >>>> Op 1/22/2017 om 10:01 AM schreef Jan Vonde: >>>>> I tried adding the following settings but that didn't help: >>>>> ssl_ca = < /etc/ssl/certs/ca-certificates.crt >>>>> ssl_client_ca_dir = /etc/ssl/certs >>>>> >>>>> Can you give me a hint how I can get the ssl certificate accepted? >>>> That should normally have done the trick. However, the sources tell me >>>> that no ssl_client settings are propagated to the http_client used b...

...M schreef Stephan Bosch: >>>>>> Op 1/22/2017 om 10:01 AM schreef Jan Vonde: >>>>>>> I tried adding the following settings but that didn't help: >>>>>>> ssl_ca = < /etc/ssl/certs/ca-certificates.crt >>>>>>> ssl_client_ca_dir = /etc/ssl/certs >>>>>>> >>>>>>> Can you give me a hint how I can get the ssl certificate accepted? >>>>>> That should normally have done the trick. However, the sources >>>>>> tell me >>>>>> that no ssl...

...3.) > > I recently set up replication following the wiki and I think you > deviated from the instructions at this point: > "The client must be able to verify that the SSL certificate is valid, so > you need to specify the directory/file containing valid SSL CA roots: > > ssl_client_ca_dir = /etc/ssl/certs # Debian/Ubuntu > ssl_client_ca_file = /etc/pki/tls/cert.pem # RedHat" > > At least when I followed this for Centos using the Redhat setting it worked. The DST root > certification was already in that file. You might have the same luck by following the indications...

...pool/postfix/private/auth { group = postfix mode = 0660 user = postfix } } service lmtp { unix_listener /var/spool/postfix/private/dovecot-lmtp { group = postfix mode = 0600 user = postfix } } ssl = required ssl_cert = </etc/letsencrypt/live/imap.mmpcrofton.com/fullchain.pem ssl_client_ca_dir = /etc/ssl/certs ssl_dh = # hidden, use -P to show it ssl_key = # hidden, use -P to show it userdb { driver = prefetch } userdb { args = /etc/dovecot/dovecot-sql.conf.ext driver = sql } protocol lmtp { mail_plugins = " sieve" postmaster_address = david at mmpcrofton.com } protocol im...

...;Sent Messages" { special_use = \Sent } mailbox Trash { special_use = \Trash } prefix = } passdb { driver = pam } plugin { sieve = file:~/sieve;active=~/.dovecot.sieve } protocols = " imap lmtp sieve pop3 submission" ssl_cert = </etc/dovecot/private/dovecot.pem ssl_client_ca_dir = /etc/ssl/certs ssl_dh = # hidden, use -P to show it ssl_key = # hidden, use -P to show it userdb { driver = passwd }