similar to: /etc/ssl/certs/dovecot.pem erased by OpenSuse's update mechanism

Displaying 20 results from an estimated 3000 matches similar to: "/etc/ssl/certs/dovecot.pem erased by OpenSuse's update mechanism"

2015 Feb 16
1
/etc/ssl/certs/dovecot.pem erased by OpenSuse's update mechanism
Thanks for the note. I had never seen anything in the postfix and apache documentation that the CRLs could be intermingled with the CRTs in the CRT file. The documentation for those programs suggests putting the CRLs in a separate file (e.g. apache SSLCARevocationFile) or doesn't talk about putting CRLs in with the certs (e.g. postfix smtpd_tls_cert_file). If it works to put them all in one
2015 Feb 17
0
/etc/ssl/certs/dovecot.pem erased by OpenSuse's update mechanism
On 2015/2/16 16:28, Jochen Bern wrote: > On 02/16/2015 04:23 PM, Reindl Harald wrote: >>> "The CA file should contain the certificate(s) followed by the >>> matching CRL(s). Note that the CRLs are required to exist. For a >>> multi-level CA place the certificates in this order: >>> >>> Issuing CA cert >>> Issuing CA CRL
2015 Feb 16
0
/etc/ssl/certs/dovecot.pem erased by OpenSuse's update mechanism
Am 16.02.2015 um 15:53 schrieb dovecot at lists.killian.com: > Why not /etc/dovecot/private? That's where I put my dovecot certs. Dovecot's needs are a bit different from other software, and so it is unclear whether the files won't be unique to it. For example, I haven't seen the following before I read it on the Dovecot wiki: > > "The CA file should contain the
2015 Feb 16
0
/etc/ssl/certs/dovecot.pem erased by OpenSuse's update mechanism
This directory in later times is where more and more distros are putting system wide server CA type certs, most distros are moving to this path, so the package maintainer should fix their script, maybe to /etc/ssl/private or such. On 2/16/15, Wolfgang Gross <WGross at uni-hd.de> wrote: > Hi, > > this is not a genuine Dovecot bug, more a nuisance. > It applies to OpenSuse 13.2
2015 Feb 16
3
/etc/ssl/certs/dovecot.pem erased by OpenSuse's update mechanism
Hi, this is not a genuine Dovecot bug, more a nuisance. It applies to OpenSuse 13.2 but maybe also to other Linux's. The standard installation of Dovecot (especially 10-ssl.conf) places the certificate dovecot.pem in /etc/ssl/certs. Sometimes during updates does OpenSuse renew all certificates in /etc/ssl/certs and erases dovecot.pem. This blocks further access to the mailbox. I found a
2013 Apr 07
1
ssl_require_crl does not work as expected
Hi I'm trying to use dovecot with client certificates. We produce our certificates with our on CA and we do NOT use certificate revocation lists. So I put "ssl_require_crl = no" into 10-ssl.conf. I did not find a solution neither in the wiki nor somewhere else, so I finally started to read the source. My impression is that openssl will always try to use CRLs. If
2009 Nov 04
2
Certificates Revocation Lists and Apache...
Hi, already asked in the openssl mailing list, but just in case you already went through this... I need a little help with Certificate Revocation Lists. I did setup client certificates filtering with apache and it seem to work fine so far (used a tutorial on http://www.adone.info/?p=4, down right now). I have a "CA" that is signing a "CA SSL". Then, the "CA SSL" is
2009 Mar 13
1
how to handle CA CRL updates with client certificate verification context ?
Hello, As far as I can read in the Dovecot SSL configuration wiki page, each CA cert must be followed by the related CA CRL in the client certificate verification context ("ssl_ca_file" setting). In my company we do have our own PKI and as soon as Client certificate is compromised we do revoke it and update the related CA's CRL. Does that mean that I have to issue a new
2019 Jun 16
2
Self-signed TLS client certificates
Dear List, I self-host my e-mail and run Dovecot since ever I do that. Dovecot version is 2.3.4.1 (f79e8e7e4), running on Debian testing. Now I am trying to configure Dovecot for client TLS certificates. I have a self-signed certificate whose private key resides on a smartcard (Yubikey, to be exact). I wanted Dovecot to accept that TLS client certificate instead of a password. So I searched and
2014 Aug 27
2
multiple IMAP sessions when connecting from one client
Hello, I am using Postfix/Dovecot/IMAP. Everything is working fine, but I have noticed that every time I connect with Thunderbird to my server via IMAP, not one but 4 connections are being logged into /var/log/mail/mail.log: 2014-08-27 09:17:46 dovecot: imap-login: Login: user=<martin>, method=PLAIN, rip=11.22.33.44, lip=55.66.77.88, mpid=12519, TLS, session=<uyb/N5cB+gBUDFRB>
2014 Jul 17
3
Sieve: adding Date: header when missing
Hello, there is a way with a sieve rule to add a Date: header when it is missing? Adding one with the time of reception of the message or using the date from the the first Received: header would be good options. Unfortunately I'm receiving some useful automated messages that lack a Date header and this screws up the sorting in my imap clients. I have a script to fix those acting on the
2015 Apr 09
15
Calendar and address book with Dovecot
Hi all I recently install Postfix and Dovecot, and so far so good. My assumption was that calendar and address book (similar to Gmail calendar or address book) are part of Dovecot. However I do not see anything concerning them in any of the docs I have read so far. What other software (ideally open source, free) do I need in other to have Calendar and address book so my users can manage their
2014 Aug 18
2
IMAP on 993/SSL or 143/STARTTLS?
Hi, I have a postfix+dovecot-2.2.13 system and have configured it to support IMAPS on 993 with SSL/TLS. I'm noticing with users using Thunderbird, the autodetect defaults to IMAPS on 143 with STARTTLS. Which is preferred? Which is more secure? Which is more common? Why would someone choose one over the other? Can I ask the same question about SMTP and submission? Why would one choose 587
2014 May 11
2
questions about process_limit
Hello all! # dovecot --version 2.1.17 Sometimes I have this in the logfile: May 11 16:55:52 master: Warning: service(imap-login): process_limit (100) reached, client connections are being dropped May 11 17:35:03 master: Warning: service(imap-login): process_limit (100) reached, client connections are being dropped May 11 17:36:27 master: Warning: service(imap-login): process_limit (100)
2014 Jun 17
3
RFE: dnsbl-support for dovecot
after having my own dnsbl feeded by a honeypot and even mod_security supports it for webservers i think dovecot sould support the same to prevent dictionary attacks from known bad hosts, in our case that blacklist is 100% trustable and blocks before SMTP-Auth while normal RBL's are after SASL i admit that i am not a C/C++-programmer, but i think doing the DNS request and in case it has a
2016 Jul 14
5
controlling STARTTLS by IP address
> Seems like your firewall could redirect to a different port that doesn't > offer starttls. Yes, of course. But that would require multiple ports, making the client configuration cumbersome and error-prone. Michael
2015 Mar 04
4
IP drop list
Am 04.03.2015 um 21:03 schrieb Dave McGuire: > On 03/04/2015 02:12 PM, Michael Orlitzky wrote: >>> I would like to reiterate Reindl Harald's point above, since subsequent >>> discussion has gotten away from it. If Dovecot had DNS RBL support >>> similar to Postfix, I think quite a few people would use it, and thereby >>> defeat the scanners far more
2015 Sep 21
4
Dovecot proxy ignores trusted root certificate store
On Mon, 21 Sep 2015, Edgar Pettijohn wrote: > doveconf -n? doveconf -n|grep ssl should suffice: ssl = required ssl_ca = </usr/local/share/certs/ca-root-nss.crt ssl_cert = </path/to/my/file.pem ssl_key = </path/to/my/file.pem ssl_require_crl = no I'm using "ssl_ca = </usr/local/share/certs/ca-root-nss.crt" as a temporary workaround, even though this is not what
2017 Sep 21
2
Restrict root clients / experimental patch
Hi All, I would like to use glusterfs in an environment where storage servers are managed by an IT service - myself :) - and several users in the organization can mount the distributed fs. The users are root on their machines. As far as I know about glusterfs, a root client user may impersonate any uid/gid since it provides its uid/gid itself when it talks to the bricks (like nfsv3). The thing
2007 May 29
2
Client certificate verification/authentication
I would like to use Client certificate verification/authentication. My MTA used this function. I've a problem to make a valid certificate. For my MTA i used : openssl req -new -nodes -x509 -keyout user_key.pem -out user_req.pem -days 365 openssl ca -out user_signed.pem -infiles user_req.pem openssl pkcs12 -in user_signed.pem -inkey user_key.pem -out user.p12 -export -name "user at