similar to: ]UG] Dovecot 2.2.9 SSL client cert verification fails: openssl verify: OK

On Jun 15, 2016, at 9:38 AM, Warren Young <wyml at etr-usa.com> wrote: > > On Jun 15, 2016, at 9:02 AM, Valeri Galtsev <galtsev at kicp.uchicago.edu> wrote: > >> I do not see neither starttls.com nor letsencrypt.org between Authorities >> certificates. > > That?s because they are not top-tier CAs. I forgot to mention that letsencrypt.com uses one of its

On Wed, June 15, 2016 10:48 am, Warren Young wrote: > On Jun 15, 2016, at 9:38 AM, Warren Young <wyml at etr-usa.com> wrote: >> >> On Jun 15, 2016, at 9:02 AM, Valeri Galtsev <galtsev at kicp.uchicago.edu> >> wrote: >> >>> I do not see neither starttls.com nor letsencrypt.org between >>> Authorities >>> certificates. >>

On Tue, Dec 29, 2009 at 12:36 PM, Lanny Marcus <lmmailinglists at gmail.com> wrote: > I looked on the openssl man page but am too dense with commands to > understand what I need to do..... ? Ran into problems generating a key > and CSR for SSL, ?because the web site is on a server with an old > Ensim Control Panel. ?Please someone knowledgeable, ?give me the > openssl commands

Hi there, Does anyone know how to do this: "Put all the certificates in the ssl_cert file. For example when using a certificate signed by TDC the correct order is: Dovecot's public certificate TDC SSL Server CA TDC Internet Root CA Globalsign Partners CA " I try to set these parameters in the conf.d/10-ssl.conf as below, but it seems doesn't work. ---

I'm getting this in the log when proxying IMAP (three "valid certificate" messages, two "Invalid certificate" messages) Why is dovecot (acting as a proxy to another dovecot instance here) not recognizing the StartCom Extended Validation Server CA? . LOGIN ralf.hildebrandt at charite.de mypassword Sep 25 14:13:04 auth-worker(30859): Info: mysql(sql.charite.de): Connected

Greg Bailey wrote: >> I'm really just asking if I cannot just use what I take to be >> the standard openssl certificate and key in /etc/pki/tls/ >> Do I really have to create up a special cert for dovecot? > There's not really a "standard" SSL certificate. Perhaps you're > referring to a "default" certificate used by the webserver? No. I

Hi All, I'm running TCP-based dsync replication on two dovecot nodes. Nowdays i tried to enable SSL (TCPS). I changed mail_replica prefix from tcp:* to tcps:* and added ssl=yes to the inet_listener. Then on running *doveadm sync* i'm getting the following message: " *doveadm(example at example.com <example at example.com>): Error: Couldn't initialize SSL context: Can't

Hi all, after upgrade from some 2.0 version to 2.2.19 (debian) i face map login problems: # doveconf -n # 2.2.19 (ca91d540fd87): /etc/dovecot/dovecot.conf # Pigeonhole version 0.4.9 # OS: Linux 2.6.32-5-amd64 x86_64 Debian 8.2 ext4 auth_debug = yes auth_debug_passwords = yes auth_verbose = yes auth_verbose_passwords = plain debug_log_path = /var/log/dovecot-debug.log hostname = test.my.domain.de

On 03/03/2015 08:12 AM, Timothy Murphy wrote: > Jason Pyeron wrote: > >>> I'm getting endless complaints about my dovecot cert, >> Exact message please? > The certificate does not apply to the given host > The certificate is not signed by any trusted certificate authority > >>> Do I really have to use a separate cert and key for dovecot? >>> Can

Dovecot SNI is failing hard today. Server with n domains, each with a startssl certificate of its own, all certificates expired this morning. Decision: move to Letsencrypt. Firsr certificate issued and installed. Other domains in the pipeline. Dovecot server rebooted. Expected result: one domain returning the new cert, and the n-1 domains returning the expiration notification. Actual result: the

Am 12.01.2015 um 13:29 schrieb Jonas Plitt: > *doveadm(example at example.com <example at example.com>): Error: Couldn't > initialize SSL context: Can't load CA certs from directory /etc/ssl/certs: > error:02001024:system library:fopen:File name too longdoveadm: Error: > Failed to iterate through some users*" > > this is my config (part): > > *ssl_cert =

I'm using Dovecot 2.2.5. I'm setting up and new IMAPS server for personal use (i.e. only me). I have success with self-signed certificates but not with others (e.g. StartSSL.com) With StartSSL certs: I've been able to connect and test commands via: openssl s_client -connect imaps.unixathome.org:993 Can you configure your iPhone or Macbook to access the above? Authentication

Hi, I'm running two Dovecot 2.2.9 Servers running replication. Users are the same. My Replication is very slow. Mails from Server one appear on Server two after 1-3 hours. Rarely i can see duplicated mails (Log message "Expunged message reappeared. Setting new UID"). This is my doveconf -n output: > # 2.2.9: /etc/dovecot/dovecot.conf > # OS: Linux 3.13.0-44-generic x86_64

On Jun 15, 2016, at 7:57 AM, ????????? ???????? <nevis2us at infoline.su> wrote: > > Nowadays it's quite easy to get normal ssl certificates for free. E.g. > > http://www.startssl.com > http://buy.wosign.com/free Today, I would prefer Let?s Encrypt: https://letsencrypt.org/ It is philosophically aligned with the open source software world, rather than act as bait

Dear friends, First, thanks for helping me on ssh default option for smartcards. I recompiled SSH from CVS and it seems to work. I still have problems with: ssh-add -s /usr/lib/opensc-pkcs11.so Enter passphrase for PKCS#11: (I enter PIN code) SSH_AGENT_FAILURE Could not add card: /usr/lib/opensc-pkcs11.so pkcs11-tool --slot 1 -O Public Key Object; RSA 2048 bits label: Public Key ID:

Hi, On 2015-11-12 08:03, Frank Rust wrote: > Hi all, > after upgrade from some 2.0 version to 2.2.19 (debian) i face map > login problems: > > # doveconf -n > # 2.2.19 (ca91d540fd87): /etc/dovecot/dovecot.conf > # Pigeonhole version 0.4.9 > # OS: Linux 2.6.32-5-amd64 x86_64 Debian 8.2 ext4 > auth_debug = yes > auth_debug_passwords = yes > auth_verbose = yes >

Thanks a lot! This was added by a new debian package file! They added the 15-mailboxes.conf file with this input-namespace. It?s a bad thing. For changed configuration the installer asks which version, old or new to take, but new files are installed without confirmation. But that?s a debian problem, not dovecot. Best regards, Frank > Am 12.11.2015 um 08:58 schrieb Christian Kivalo

Hello, the error is still present: May 8 19:47:18 opsys dovecot: imap-login: Disconnected (no auth attempts): rip=82.113.119.140, lip=78.46.216.126 Whenever I start a session with openssl to STARTTTL (Server: mail.opsys.de) the handshake is successfull. Also I am able to login to my account via 1 login. In Thunderbird port 993 for SSL/TLS works correct, only STARTTLS on port 143 isn't

Thank you! Ok, so I can omit ssl=no and startssl=no, and this results in default settings for ssl which is 'off'? Or the defaults are 'on' anyway? Can I somehow specify ports on remote hosts that proxy will use to connect to? Like (just image): 'proxy host_imap=10.1.1.1:143 host_pop=10.1.1.1:110' or somehow? On Mon, Sep 17, 2018 at 4:33 PM Aki Tuomi <aki.tuomi at

Hello, I stumbled across a 5-year-old post on the dovecot list about changing the dovecot hierarchy separator to enable shared mailboxes (http://www.dovecot.org/list/dovecot/2011-January/056201.html <http://www.dovecot.org/list/dovecot/2011-January/056201.html>). At the moment I?m stuck in a pretty similar situation. Migrated from courier to dovecot 2 years ago and preserved the