search for: startssl

I'm using Dovecot 2.2.5. I'm setting up and new IMAPS server for personal use (i.e. only me). I have success with self-signed certificates but not with others (e.g. StartSSL.com) With StartSSL certs: I've been able to connect and test commands via: openssl s_client -connect imaps.unixathome.org:993 Can you configure your iPhone or Macbook to access the above? Authentication isn't the issue. Connection is the issue. I've been able to get Thunderbird...

...server? No. I should have said "standard locate". I think both Fedora and CentOS create the folders /etc/pki/tls/{certs,private}, so I assume this means that certs and keys should be store there. > What I typically do is get a real, but free, SSL certificate from some > place like StartSSL (www.startssl.com), and then copy the key and > certificate to the location that's specified for use by dovecot. My question exactly - is there any reason why one should not do that? Or even more simply, give the locations /etc/pki/tls/{certs,private} in /etc/dovecot/conf.d/10-ssl.conf ? -...

On Jun 15, 2016, at 7:57 AM, ????????? ???????? <nevis2us at infoline.su> wrote: > > Nowadays it's quite easy to get normal ssl certificates for free. E.g. > > http://www.startssl.com > http://buy.wosign.com/free Today, I would prefer Let?s Encrypt: https://letsencrypt.org/ It is philosophically aligned with the open source software world, rather than act as bait for a company that would prefer to sell you a cert instead. I?m only aware of one case where you absolut...

Hello anyone used OpenSSL before? Why do we need to pay for expensive SSL certs when there is OpenSSL which is provided free? Is there a difference? I''ve got an ecommerce website, and wondering if OpenSSL is enough? Your thoughts will be appreciated -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this

...nd return port based on that, or you can omit port to default into "standard port". not using ssl/starttls is default. > On 17 September 2018 at 16:35 Alexander Chekalin <alexander.chekalin at gmail.com> wrote: > > > Thank you! > > Ok, so I can omit ssl=no and startssl=no, and this results in default > settings for ssl which is 'off'? Or the defaults are 'on' anyway? > > Can I somehow specify ports on remote hosts that proxy will use to connect > to? Like (just image): 'proxy host_imap=10.1.1.1:143 host_pop=10.1.1.1:110' >...

...n 03/03/2016 07:30 AM, Stephan Bosch wrote: >> BTW, I can imagine that Thunderbird can already do that, as it shares much of the Firefox code base. > Thunderbird definitely does validate certificates via OCSP, enabled by default and I've run into that the hard way a couple of times wrt StartSSL having issues with their responder. This isn't hypothetical, guys.... OCSP status querying isn't the same as verifying stapled OCSP responses though. Can't find Thunderbird's support for stapling unfortunately..

...ser = dovecot } service lmtp { unix_listener lmtp { mode = 0666 } } service managesieve-login { inet_listener sieve { port = 4190 } inet_listener sieve_deprecated { port = 2000 } process_min_avail = 1 service_count = 1 vsz_limit = 64 M } ssl_cert = </etc/ssl/private/startssl-onnet.ch <http://startssl-onnet.ch/>-chain.crt ssl_cipher_list = ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-...

Jason Pyeron wrote: >> I'm getting endless complaints about my dovecot cert, > > Exact message please? The certificate does not apply to the given host The certificate is not signed by any trusted certificate authority >> Do I really have to use a separate cert and key for dovecot? >> Can I not use the "standard" cert in /etc/pki/tls/certs (and key)

Hi All, I have a CentOS 5.4 web server. I have some stuff that runs on 443. When I hit https://<the site> The user gets a warning saying that site identity could not be verified and the user can add an exception if they want. How do I stop this from happing? Do I need to buy an SSL cert? Aren't these really expensive per server and I have 5 servers I would need to do this too. Can

...t; > > > not using ssl/starttls is default. > > > > > On 17 September 2018 at 16:35 Alexander Chekalin < > > alexander.chekalin at gmail.com> wrote: > > > > > > > > > Thank you! > > > > > > Ok, so I can omit ssl=no and startssl=no, and this results in default > > > settings for ssl which is 'off'? Or the defaults are 'on' anyway? > > > > > > Can I somehow specify ports on remote hosts that proxy will use to > > connect > > > to? Like (just image): 'proxy host_i...

Hi, I try to set up dovecot as a proxy server, to proxy requests to several dovecot-based backend servers. I wand external clients who connects to this proxy Dovecot to use TLS (this is easy to set up) while want to have unsecured (plain IMAP/POP) connections to backends. You see, links to backends are over LAN so no TLS needed, and these backends are poor old machines (with old Docecots like

Hi, I want to say hello and here is my big problem ;D Iam trying to archive a Postfix/Dovecot 2.2.10 CentOS7 Multidomain Setup with multiple (valid StartSSL Certs), but iam only able to run a single Domain Cert server only. ps: I need a multiple domainssetup for every customer and it is not an option for me redirecting any email to a single domain server. I really need this setup working. IMHO: I think it SELinux could interfere with multiple Certs...

Hi all, As I reported earlier (with a typo in the work [BUG]) client certification validation *does not* work even if you do everything exactly according to all documentation and attempts at helpful advice. I have seen this issue with both startssl.com and self-signed certificates, and based on what I've seen from searching the web, this is a problem that has gotten little attention because most people don't bother, but are more than willing to give out useless advice on how to make it work. Furthermore the issue does NOT occur with...

On 10/10/2016 11:12 AM, Stuart D. Gathman wrote: > On Mon, 10 Oct 2016, Lane Russell wrote: > >> I tried viewing your link, but it returns a 404 error. It also doesn't seem >> to have a valid certificate. Could you send the correct link please? > > I tried from Texas, Miami, Virginia, and New York VPSes. Works fine. > Maybe try again, or check your local DNS? >

...I really have to create up a special cert for dovecot? > There's not really a "standard" SSL certificate. Perhaps you're referring to a "default" certificate used by the webserver? What I typically do is get a real, but free, SSL certificate from some place like StartSSL (www.startssl.com), and then copy the key and certificate to the location that's specified for use by dovecot. That way, both httpd and dovecot are using the same certificate (although it's stored in 2 different locations). The other thing to consider with dovecot (if you go with a thi...

Op 3-3-2016 om 13:04 schreef A. Schulze: > > dovecot: > >> So I would like to know if Dovecot is planning to feature OCSP stapling. >> That way I know for sure my "must staple" certificates can be used by >> Dovecot. And in my opinion, every TLS offering daemon should be up to >> par to the capabilities of TLS.. Not lag behind :) >> >>

Dovecot SNI is failing hard today. Server with n domains, each with a startssl certificate of its own, all certificates expired this morning. Decision: move to Letsencrypt. Firsr certificate issued and installed. Other domains in the pipeline. Dovecot server rebooted. Expected result: one domain returning the new cert, and the n-1 domains returning the expiration notification...

Thank you! Ok, so I can omit ssl=no and startssl=no, and this results in default settings for ssl which is 'off'? Or the defaults are 'on' anyway? Can I somehow specify ports on remote hosts that proxy will use to connect to? Like (just image): 'proxy host_imap=10.1.1.1:143 host_pop=10.1.1.1:110' or somehow? On Mon, S...

Greetings all, I have verified a bug that has long been attributed to lack of knowledge on the part of the user. Dovecot rejects StartSSL client certificates due to reject StartSSL root CA when doing client verification even though the appropriately constructed ca-bundle.pem has been created and applied vi ssl_ca = </etc/dovecot/ca-bundle.pem. openssl verify -CAfile ca-bundle.pem -crl_check_all -policy_check -x509_strict -verbose...

...to default into > "standard port". > > not using ssl/starttls is default. > > > On 17 September 2018 at 16:35 Alexander Chekalin < > alexander.chekalin at gmail.com> wrote: > > > > > > Thank you! > > > > Ok, so I can omit ssl=no and startssl=no, and this results in default > > settings for ssl which is 'off'? Or the defaults are 'on' anyway? > > > > Can I somehow specify ports on remote hosts that proxy will use to > connect > > to? Like (just image): 'proxy host_imap=10.1.1.1:143 host_pop...