similar to: What is a client certificate?

> Set > > ssl_client_ca_file=/path/to/cacert.pem to validate the certificate Can this be the Lets Encrypt cert that we already have? In other words we have: ssl_cert = </etc/pki/dovecot/certs/dovecot.pem ssl_key = </etc/pki/dovecot/private/dovecot.pem Can those be used? > Are you using haproxy or something in front of dovecot? No. Just Squirrelmail webmail with sendmail.

Hi Daniel, thanks for the reply - The procedure I use is the same as I use for XenServer, and the certificate exchange works just fine. The only thing I'm a bit unclear on, is the location of the CA cert, which in the case of XenServer, I simply put it in /etc/pki/CA. And when I start the libvirtd daemon, it successfully picks it up. If I put the Server key and cert in /etc/vmware/ssl for

Hello, After client (Thunderbird, now version 31.0) updated today, it stopped connecting to Dovecot IMAP4S. The infamous "SSL alert number 42" is reported. Mail server uses local (created for intranet) CA certificate as root. I would appreciate pieces of advice on how to handle that without enabling plaintext authentication over insecure channels. Other intranet services work with

Usual prologue: we're testing on CentOS 5.5, RHEL subscriptions purchased. Now trying to use virt-v2v to transfer Win2008 Server guest from ESXi host to KVM host. Have enabled SSH on ESXi host, and can connect using esx+ssh://esxhost, but procedure fails because nc isn't found on ESXi. Fair enough. BTW, ESXi looks like a radically cut down RH system (/etc/sysconfig being the give-away)?

Hi! I found little semantics bug: [13:53:40] root@dedicated-04:~ # LC_ALL=C libvirtd -h libvirtd: invalid option -- 'h' Usage: libvirtd [options] Options: -v | --verbose Verbose messages. -d | --daemon Run as a daemon & write PID file. -l | --listen Listen for TCP/IP connections. -t | --timeout <secs> Exit after timeout period. -f |

Here''s what I''m using: exec { "cert-fix": command => "curl http://curl.haxx.se/ca/cacert.pem -o /etc/pki/tls/certs/ca-bundle.crt", onlyif => "test -e /etc/pki/tls/certs/ca-bundle.crt", } But it keeps on failing: > [default] Running Puppet with /tmp/vagrant-puppet/manifests/acid.pp... > Parameter onlyif failed: ''test -e

On 08/12/2010 10:29 AM, Lars Kellogg-Stedman wrote: > Hello all, > > I'm trying to get virsh (and virt-manager) to talk to a remote libvirt > instance. I cannot for the life of me figure out how to tell either > tool where to find client or CA certificates. Do they *really* need > to access the ones in /etc/pki? In particular, the client seems to > want to read the

Folks, I'm trying to configure my dovecot installation to require client certificates for external/Internet connections, while still allowing my local network to not need certificates. This configuration is for Dovecot 2 (2.0.8 in Fedora 14), and I've tried to use the "remote" block to give different definitions for my local network vs the defaults. While most options seem to

I'm getting endless complaints about my dovecot cert, /etc/pki/dovecot/certs/dovecot.pem which I created years ago following the dovecot instructions. Do I really have to use a separate cert and key for dovecot? Can I not use the "standard" cert in /etc/pki/tls/certs (and key) from CACert.org ? -- Timothy Murphy gayleard /at/ eircom.net School of Mathematics, Trinity College,

Hey guys, I have a private network and I trust it! /me hides behind trees... So, in order to exercise my trust, I wanna migrate guests over TCP; with and without shared storage. This is: - I want to migrate from host1 to host2; which have shared storage; over TCP without certs - I want to migrate from host1 to host99, which don't have shared storage, over TCP without certs I am asking

I was not able to find specific help for configuring the crt file for CaCert. I gleaned from examples the following order: server certificate CaCert class 3 certificate Cacert root certificate However, when I try to configure my mail reading for IMAP, Dovecot shows the following error in the log: dovecot: imap-login: Aborted login (no auth attempts): I am assuming, based on searches for this

Jason Pyeron wrote: >> I'm getting endless complaints about my dovecot cert, > > Exact message please? The certificate does not apply to the given host The certificate is not signed by any trusted certificate authority >> Do I really have to use a separate cert and key for dovecot? >> Can I not use the "standard" cert in /etc/pki/tls/certs (and key)

I have been trying to get set of libvirtd system up and running. My PKI infrastructure involves a root CA and several intermediate CAs. I am trying to get the machines to trust each other across the different intermediate CAs. This is what I have so far: Libvirtd is starting and listening on tls port 16514 I have configured client/server certs/keys and it seems to be using all of these

When I install an SSL certificate, I can't find a config option to set configure the Server Certificate Chain file... Is this not possible or can I do it another way? (When I connect, I am being told the Signature status is uncheckable...) Regards, BTJ -- ----------------------------------------------------------------------------------------------- Bj?rn T Johansen btj at havleik.no

I set up my certificates, ca client and server, as described in your documentation: http://wiki.libvirt.org/page/TLSCreateServerCerts. I followed it step by step so it must be ok. However, when I run virsh -c qemu://192.168.1.2/system and I try a command like list --all I get: error: impossible connect to the hypervisor errore: no valid connection errore: Unable to set x509 CA certificate:

I'm having a go at writing some PHP scripts to do simple things like view the status of VMs running on my Ubuntu KVM host. I've installed php_libvirt_php but am failing at the first hurdle at the moment as I can't get the PHP script to connect. My normal way of connecting virsh from the command line is like this: $ virsh -c qemu+ssh://localhost/system This asks for a password which

<!doctype html> <html> <head> <meta charset="UTF-8"> </head> <body> <div> <br> </div> <blockquote type="cite"> <div> On 28 March 2019 22:02 Aki Tuomi via dovecot <dovecot@dovecot.org> wrote: </div> <div> <br> </div> <div> <br>

-rw-r--r--. root root unconfined_u:object_r:home_root_t:s0 /etc/pki/dovecot/private/mailserver.crt > On Oct 8, 2017, at 12:03 AM, Bill Shirley <bill at KnoxvilleChristian.org> wrote: > > What does ls -lZ /etc/pki/dovecot/private/mailserver.crt say? > > Bill > > On 10/7/2017 7:30 PM, SH Development wrote: >> I have a working dovecot/postfix/mysql server running

Hello, I'm using dovecot v2.0.21. According to http://wiki2.dovecot.org/SSL/DovecotConfiguration,dovecot 2.x supports different SSL certificate for different virtual hosts by using "local_name" directive, but I can't get it to work. When testing the certificate using "openssl s_client -connect domain.com:pop3s" I get the default certificate instead of

Am 2019-08-29 18:26, schrieb Gary Stainburn: > On Thursday 29 August 2019 16:47:11 Alexander Dalloz wrote: >> rpm -Vv nss > > [root at stan2 ~]# rpm -Vv nss > ......... /etc/pki/nss-legacy > ......... c /etc/pki/nss-legacy/nss-rhel7.config > ......... /etc/pki/nssdb > ......... c /etc/pki/nssdb/cert8.db > ......... c /etc/pki/nssdb/cert9.db > ......... c