Displaying 20 results from an estimated 49 matches for "ssl_client_cert".
2006 Jul 25
3
Getting ssl environment to mongrel from apache
...e config I
have wrong, if mongrel isn't picking up the env variables I am
setting, or if it's just not possible to do what I'm trying to do.
Any guidance would be appreciated.
ProxyPass /xml/ http://localhost:88/xml/
RewriteEngine On
RewriteRule ^/xml/(.*) /xml/$1 [P,E=SSL_CLIENT_CERT:%{SSL_CLIENT_CERT}]
2006 Aug 16
0
Development with SSL client certificates
...ly protected with SSL
and client certificates, probably behind Apache. The application will
automatically create and login a user if it is presented with a valid
client certificate. The certificate will be first validated by
Apache's mod_ssl and then passed to Rails in ENV['SSL_CLIENT_CERT'], at
which point Rails will use the information in the certificate to create
a new user.
In order to mimic a passed valid certificate, I've put the line:
request.env['SSL_CLIENT_CERT'] = File.open('tmp/client.crt').read
into my 'l...
2020 Jul 19
2
submission proxy -- where to config/present client cert?
I've a dovecot instance setup with submission proxy,
protocols = imap lmtp submission sieve
hostname = internal.mx.example.com
submission_relay_host = internal.mx.example.com
submission_relay_port = 465
submission_relay_trusted = yes
submission_relay_ssl = smtps
submission_relay_ssl_verify = yes
service submission-login {
inet_listener submission {
address = 10.2.2.10,
2015 Feb 12
2
Dovecot dsync not replicating ".dovecot.sieve -> .sieve/managesieve.sieve" / setactive
...cipher_list =
EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA
ssl_client_ca_file = /etc/ipa/ca.crt
ssl_client_cert = </etc/pki/tls/certs/dovecot.pem
ssl_client_key = </etc/pki/tls/private/dovecot.key
ssl_key = </etc/pki/tls/private/dovecot.key
ssl_parameters_regenerate = 1 weeks
ssl_prefer_server_ciphers = yes
ssl_protocols = !SSLv2 !SSLv3
userdb {
args = /etc/dovecot/dovecot-ldap-userdb.conf.ext...
2015 Feb 12
0
Dovecot dsync not replicating ".dovecot.sieve -> .sieve/managesieve.sieve" / setactive
...> EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA
> ssl_client_ca_file = /etc/ipa/ca.crt
> ssl_client_cert = </etc/pki/tls/certs/dovecot.pem
> ssl_client_key = </etc/pki/tls/private/dovecot.key
> ssl_key = </etc/pki/tls/private/dovecot.key
> ssl_parameters_regenerate = 1 weeks
> ssl_prefer_server_ciphers = yes
> ssl_protocols = !SSLv2 !SSLv3
> userdb {
> args = /etc/dovec...
2011 Dec 22
1
proxying, SSL, and client certificate
How do I configure dovecot-2.0.x to present a client SSL certificate when proxying?
If dovecot on server1.example.com has:
passdb {
driver = static
args = proxy=y host=server2.example.com nopassword=y ssl=yes
}
and dovecot on server2.example.com has:
ssl_verify_client_cert = yes
auth_ssl_require_client_cert = yes
then when a client connects to server1 and authenticates, a connection is
2012 Jan 06
0
v2.0.17 released
http://dovecot.org/releases/2.0/dovecot-2.0.17.tar.gz
http://dovecot.org/releases/2.0/dovecot-2.0.17.tar.gz.sig
Among other changes:
+ Proxying now supports sending SSL client certificate to server with
ssl_client_cert/key settings.
+ doveadm dump: Added support for dumping dbox headers/metadata.
- Fixed memory leaks in login processes with SSL connections
- vpopmail support was broken in v2.0.16
2011 Nov 24
1
v2.1.rc1 released
...should be pretty stable.
Most of the changes since v2.1.beta1 have been for rather small issues.
Many of the fixed bugs exist also in v2.0, but since they are so minor I
didn't bother backporting the fixes.
As new features since v2.1.beta1 there are the things I did also for
v2.0.16, and:
* ssl_client_cert/key: Proxying can now send SSL certificate to backend
server
* ssl_crypto_device for enabling hardware encryption
* SCRAM-SHA-1 authentication mechanism support by Florian Zeitz
* passdb/userdb checkpassword: Export all auth %variables to AUTH_*
environment.
* maildir_broken_filename_sizes sett...
2019 Sep 04
2
Different passdb backends for different services
...groups = mail
unix_listener quota-warning {
group = vmail
mode = 0600
user = vmail
}
user = vmail
}
ssl_cert = </etc/ssl/mail.roessner-net.de/cert/fullchain.pem
ssl_cipher_list = ALL:!DH:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH
ssl_client_cert = </etc/ssl/mail.roessner-net.de/cert/fullchain.pem
ssl_client_key = # hidden, use -P to show it
ssl_dh = # hidden, use -P to show it
ssl_key = # hidden, use -P to show it
ssl_min_protocol = TLSv1.2
ssl_prefer_server_ciphers = yes
submission_client_workarounds = whitespace-before-path
submission...
2012 Aug 31
1
New log entries with 2.0.19?
...unix_listener login/ssl-params {
group =
mode = 0666
user =
}
user =
vsz_limit = 18446744073709551615 B
}
shutdown_clients = yes
ssl = yes
ssl_ca =
ssl_cert = </etc/ssl/certs/dovecot.pem
ssl_cert_username_field = commonName
ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP:!aNULL
ssl_client_cert =
ssl_client_key =
ssl_key = </etc/ssl/private/dovecot.pem
ssl_key_password =
ssl_parameters_regenerate = 168
ssl_verify_client_cert = no
submission_host =
syslog_facility = mail
userdb {
args =
driver = passwd
}
valid_chroot_dirs =
verbose_proctitle = no
verbose_ssl = no
version_ignore =...
2006 Jul 17
7
SSL [X.509] Authentication in Rails?
Been doing some research but haven't been able to determine much - has
anyone had any experience parsing incoming [on the request] x.509
certificates? Specifically, getting name, CA, etc. Here's how you do in
Java Servlets for reference:
X509Certificate[] certs = (X509Certificate[])
request.getAttribute("javax.servlet.request.X509Certificate");
Thanks.
--
2013 Oct 07
2
Proxy to gmail not working
...1
service_count = 0
vsz_limit = 256 M
}
ssl = required
ssl_ca = </etc/pki/tls/certs/ca-bundle.crt
ssl_cert = </etc/pki/dovecot/certs/dovecot.pem
ssl_cipher_list =
EECDH+AES:EDH+AES:-SHA1:EECDH+RC4:EDH+RC4:RC4-SHA:EECDH+AES256:EDH+AES256:AES256-SHA:HIGH:!aNULL:!eNULL:!EXP:!MD5:!LOW:!SSLv2
ssl_client_cert = </etc/pki/dovecot/certs/dovecot.pem
ssl_client_key = </etc/pki/dovecot/private/dovecot.pem
ssl_key = </etc/pki/dovecot/private/dovecot.pem
userdb {
args = static uid=10000 gid=10000 home=/dev/null
driver = static
}
verbose_ssl = yes
version_ignore = yes
Oct 7 09:32:51 dserver dov...
2019 Sep 04
3
Different passdb backends for different services
> On 4 Sep 2019, at 16.38, R.N.S. via dovecot <dovecot at dovecot.org> wrote:
>>
>> passdb {
>> args = /etc/dovecot/master-users
>> driver = passwd-file
>> master = yes
>> pass = yes
>> }
>> passdb {
>> args = /etc/dovecot/dovecot-ldap.conf.ext
>> driver = ldap
>> }
>>
...
>> protocol sieve {
>> passdb
2019 Sep 04
0
Different passdb backends for different services
...ing {
> group = vmail
> mode = 0600
> user = vmail
> }
> user = vmail
> }
> ssl_cert = </etc/ssl/mail.roessner-net.de/cert/fullchain.pem
> ssl_cipher_list = ALL:!DH:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH
> ssl_client_cert = </etc/ssl/mail.roessner-net.de/cert/fullchain.pem
> ssl_client_key = # hidden, use -P to show it
> ssl_dh = # hidden, use -P to show it
> ssl_key = # hidden, use -P to show it
> ssl_min_protocol = TLSv1.2
> ssl_prefer_server_ciphers = yes
> submission_client_workarounds = whi...
2020 Jul 23
2
dsync fails for existing user: "Error: Failed to initialize user: Namespace '': Mailbox list driver imapc: missing imapc_password" ?
...IAPPEND NAMESPACE QRESYNC QUOTA RIGHTS=ektx SASL-IR SEARCHRES SORT THREAD=ORDEREDSUBJECT UIDPLUS UNSELECT WITHIN XLIST] LOGIN completed
atm, my dovecot config includes the following, matching the ssl config above,
ssl_client_ca_file = /sec/vmail/CA.crt.pem
ssl_client_require_valid_cert = yes
ssl_client_cert = < /sec/vmail/client.EC.crt.pem
ssl_client_key = < /sec/vmail/client.EC.key.pem
protocol doveadm {
mail_plugins = virtual
}
imapc_host = remote-imap.example.com
imapc_features = rfc822.size
imapc_features = $imapc_features fetch-headers
mail_prefetch_count = 20
imapc_port...
2012 Jun 14
1
disable_plaintext_auth = no as no effect on IMAP/POP3 logins
...group =
mode = 0600
user =
}
user = $default_internal_user
vsz_limit = 18446744073709551615 B
}
shutdown_clients = yes
ssl = required
ssl_ca =
ssl_cert = </etc/pki/dovecot/certs/dovecot.pem
ssl_cert_username_field = commonName
ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP:!aNULL
ssl_client_cert =
ssl_client_key =
ssl_crypto_device =
ssl_key = </etc/pki/dovecot/private/dovecot.pem
ssl_key_password =
ssl_parameters_regenerate = 1 weeks
ssl_protocols = !SSLv2
ssl_verify_client_cert = no
stats_command_min_time = 1 mins
stats_domain_min_time = 12 hours
stats_ip_min_time = 12 hours
stats_mem...
2019 Sep 04
0
Different passdb backends for different services
...groups = mail
unix_listener quota-warning {
group = vmail
mode = 0600
user = vmail
}
user = vmail
}
ssl_cert = </etc/ssl/mail.roessner-net.de/cert/fullchain.pem
ssl_cipher_list = ALL:!DH:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH
ssl_client_cert = </etc/ssl/mail.roessner-net.de/cert/fullchain.pem
ssl_client_key = # hidden, use -P to show it
ssl_dh = # hidden, use -P to show it
ssl_key = # hidden, use -P to show it
ssl_min_protocol = TLSv1.2
ssl_prefer_server_ciphers = yes
submission_client_workarounds = whitespace-before-path
submission...
2014 Jan 24
1
outlook will not sync
...unix_listener login/ssl-params {
group =
mode = 0666
user =
}
user =
vsz_limit = 18446744073709551615 B
}
shutdown_clients = yes
ssl = yes
ssl_ca =
ssl_cert = </var/qmail/control/servercert.pem
ssl_cert_username_field = commonName
ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP:!aNULL
ssl_client_cert =
ssl_client_key =
ssl_key = </var/qmail/control/servercert.pem
ssl_key_password =
ssl_parameters_regenerate = 168
ssl_verify_client_cert = no
submission_host =
syslog_facility = mail
userdb {
args = cache_key=%u quota_template=quota_rule=*:backend=%q
driver = vpopmail
}
valid_chroot_dirs =...