similar to: Thunderbird SSL/TLS client authentication fails

hello trying to install dovecot 2 on a fresh installed machine I get this error message : doveconf -n > dovecot-new.conf doveconf: Error: ssl enabled, but ssl_cert not set doveconf: Fatal: Error in configuration file /usr/local/etc/dovecot/dovecot.conf: ssl enabled, but ssl_cert not set the ssl config file look like the following : Thanks for any info. ## ## SSL settings ## # SSL/TLS

In hopes that searching may turn up the solution for others: The reason client certificate validation was failing in Thunderbird when it had previously succeeded with other servers (both IMAP and SMTP) is precisely that: the client and profile where the same ones used to connect to the server who's hostname hadn't changed, and email addresses and usernames were the same, and Thunderbird

hello, I made a modification to ssl-proxy-openssl.c (patch attached) zo that it a) disconnects when no client certificate is presented b) checks the client certificate against the crl for our root cert. (so you can't use a revoked client cert.) c) returns the CommonName from the client cert. in ssl_proxy_get_peer_name (this way it's easier to use dovecot as imap-proxy with a

Good time of the day! My English is not very good, excuse me if I said something wrong. I use dovecot-2.1.16 on Gentoo Linux amd64. I need to setup dovecot (imap and pop3) for SSL and non-SSL connection simultaneously. For SSL connections client must submit a valid SSL certificate. Now SSL part of dovecot.conf looks like this: ----------------- ssl = yes ssl_cert =

I have a remote server running centos 4.3 and a home desktop running suse 10.1. I have generated an SSL certificate on the server, copied it on the desktop and run on the desktop: >openssl x509 -in mynewcertCert.pem -fingerprint -subject -issuer -serial -hash -noout >c_rehash . getting this warning: > > Doing . > WARNING: mynewcertPrivateKey.pem does not contain a certificate or

Dear subscribers, we're sharing our latest advisory with you and would like to thank everyone who contributed in finding and solving those vulnerabilities. Feel free to join our bug bounty programs (open-xchange, dovecot, powerdns) at HackerOne. Please find patches for v2.2.36 and v2.3.4 attached, or download new version from https://dovecot.org Yours sincerely, Aki Tuomi Open-Xchange Oy

Greetings all, I have verified a bug that has long been attributed to lack of knowledge on the part of the user. Dovecot rejects StartSSL client certificates due to reject StartSSL root CA when doing client verification even though the appropriately constructed ca-bundle.pem has been created and applied vi ssl_ca = </etc/dovecot/ca-bundle.pem. openssl verify -CAfile ca-bundle.pem

<!doctype html> <html> <head> <meta charset="UTF-8"> </head> <body> <div> <br> </div> <blockquote type="cite"> <div> On 16 June 2019 15:47 Marvin Gülker via dovecot < <a href="mailto:dovecot@dovecot.org">dovecot@dovecot.org</a>> wrote: </div>

>From the config : auth_ssl_require_client_cert = no GMail empty vcard ... I have no ideas . so sorry. Coding snippets. What can I provide for you that will help? NOTE: it is pretty much the default config from Debian. Thank you, On Sun, May 24, 2020 at 9:29 PM Benny Pedersen <me at junc.eu> wrote: > > On 2020-05-25 02:54, hanasaki at gmail.com wrote: > > Config has >

Dear List, I self-host my e-mail and run Dovecot since ever I do that. Dovecot version is 2.3.4.1 (f79e8e7e4), running on Debian testing. Now I am trying to configure Dovecot for client TLS certificates. I have a self-signed certificate whose private key resides on a smartcard (Yubikey, to be exact). I wanted Dovecot to accept that TLS client certificate instead of a password. So I searched and

I would like to use Client certificate verification/authentication. My MTA used this function. I've a problem to make a valid certificate. For my MTA i used : openssl req -new -nodes -x509 -keyout user_key.pem -out user_req.pem -days 365 openssl ca -out user_signed.pem -infiles user_req.pem openssl pkcs12 -in user_signed.pem -inkey user_key.pem -out user.p12 -export -name "user at

Hello, I have seen via google that this very problem was already discussed on this and other lists some months ago, but the archives report no solution. I have dovecot 1.0-0_12.beta8 on Centos 4.3. IMAP works just fine: I can read email from both Squirrelmail via web and Kmail. Now I have created an ssl certificate and I'm trying to use it via pop3. When I launch fetchmail I get the error

Hello Aki and all, The below lines are in the dovecot config file. This seems to be the same as Aki's suggestion. correct? I have also double checked file perms, tried with several new key gens, several versions of thunderbird and created completely new thunderbird profiles. Thank you, ssl_cert = </etc/letsencrypt/live/...../fullchain.pem ssl_key =

The real reason is that you have misconfigured your cert. Alert 42 means that the *client* consider *server* client untrusted. If you are using LE cert you should configure ssl_cert=</etc/letsencrypt/live/domain/fullchain.pem ssl_key=</etc/letsencrypt/live/domain/privkey.pem Aki > On 25/05/2020 18:01 Hanasaki Jiji <hanasaki at gmail.com> wrote: > > > From the config

Hi! Can you do openssl x509 text -noout </etc/letsencrypt/live/...../fullchain.pem and check these things: your server hostname isn included in SubjectAlternativeNames, and that the cert hasn't got MUST-STAPLE attribute? You can see this by looking for 1.3.6.1.5.5.7.1.24 Also, can you provide output of openssl s_client -connect host:993 -trace Aki > On 25/05/2020 18:46 hanasaki

Sorry... openssl x509 -text -noout -in /etc/letsencrypt/live/...../fullchain.pem and openssl s_client -connect host:993 Aki > On 25/05/2020 18:52 hanasaki at gmail.com <hanasaki at gmail.com> wrote: > > > s_client: Option unknown option -trace > *** > x509: Unknown parameter text > > > On 5/25/20 11:49 AM, Aki Tuomi wrote: > > Hi! > > >

s_client: Option unknown option -trace *** x509: Unknown parameter text On 5/25/20 11:49 AM, Aki Tuomi wrote: > Hi! > > Can you do > > openssl x509 text -noout </etc/letsencrypt/live/...../fullchain.pem > > and check these things: > > your server hostname isn included in SubjectAlternativeNames, and that the cert hasn't got MUST-STAPLE attribute? You can see

hi, one customer told us, that he has performance problem in his Thunderbird 3.1.9, while open his sent folder, which has round about 4000 mails in it, and 20k in his Inbox. For example TB, tries to sync the sent-folder list (over SSL) from the sent folder for now over 15min. In the log, I can't see any strange things, so for me, Dovecot works ok. Maybe, I should use better cache options?

Hello, it seems there there is an issue regarding "TLS-Certtificate" authentication in Thunderbird and Dovecot. Obviously client certificate is recognized by Dovecot: Apr 25 14:29:01 dovecot dovecot: imap-login: Valid certificate: /emailAddress=christian.felsing at example.net/CN=Christian Felsing (Test)/OU=CF Certificates/O=example.net/C=DE AFAIK Dovecot always requires IMAP login,

On 2020-05-25 02:54, hanasaki at gmail.com wrote: > Config has > ssl_verify_client_cert = no > What options might have the client auth turned on? why does gmail attacht empty vcard info ? without any config snippes its hard to say what config error is local https://wiki.dovecot.org/SSL/DovecotConfiguration is it auth_ssl_require_client_cert = yes i dont use this auth features to