Displaying 20 results from an estimated 10000 matches similar to: "dovecot 2.3.x, ECC and wildcard certificates, any issues"
2018 Jul 30
4
dovecot 2.3.x, ECC and wildcard certificates, any issues
I don't know how to get both RSA and ECC cert from letsencrypt.
Aki
> On 30 July 2018 at 20:43 David Mehler <dave.mehler at gmail.com> wrote:
>
>
> Hello,
>
> What acme implementation do you use for your letsencrypt certificates?
> If it's acme.sh how do you get both rsa and ecc certificates? What
> configuration options are you using in your
2018 Jul 30
2
dovecot 2.3.x, ECC and wildcard certificates, any issues
Hello,
The client in question is the latest version of AquaMail running on android.
Thanks.
Dave.
On 7/30/18, Aki Tuomi <aki.tuomi at dovecot.fi> wrote:
> You should, in practice, enable both. This gives best client compability. It
> is possible you have clients that cannot understand ECC certificates? You
> can use ssl_alt_cert to provide RSA cert too.
>
> Aki
>
2018 Jul 30
2
dovecot 2.3.x, ECC and wildcard certificates, any issues
Hi,
Thanks, good news is that worked. Bad news is it all looks good which
means I do not know hwhy my remote clients can't get their email,
looked like from the logs it was that.
Would 143 be better or 993 for the external clients?
Thanks.
Dave.
On 7/30/18, Aki Tuomi <aki.tuomi at dovecot.fi> wrote:
>
>> On 30 July 2018 at 19:16 David Mehler <dave.mehler at gmail.com>
2018 Jul 30
0
dovecot 2.3.x, ECC and wildcard certificates, any issues
Hello,
I have discovered what I believe is the issue after hearing back from
Aquamail. And that is that android 7 which I'm running 7.0 that is,
only supports up to the p256 ecc curve. This brings up a question to
users of letsencrypt, when you revoke a certificate does it take it
out on the usage as well? I've got one domain that says i've issued to
many certificates for it and no
2018 Jul 30
0
dovecot 2.3.x, ECC and wildcard certificates, any issues
Hello,
What acme implementation do you use for your letsencrypt certificates?
If it's acme.sh how do you get both rsa and ecc certificates? What
configuration options are you using in your configuration of services
to allow access to both rsa and ecc?
Thanks.
Dave.
On 7/30/18, David Mehler <dave.mehler at gmail.com> wrote:
> Hello,
>
> The client in question is the latest
2018 Jul 30
0
dovecot 2.3.x, ECC and wildcard certificates, any issues
You should, in practice, enable both. This gives best client compability. It is possible you have clients that cannot understand ECC certificates? You can use ssl_alt_cert to provide RSA cert too.
Aki
> On 30 July 2018 at 20:05 David Mehler <dave.mehler at gmail.com> wrote:
>
>
> Hi,
>
> Thanks, good news is that worked. Bad news is it all looks good which
> means I
2018 Jul 30
2
dovecot 2.3.x, ECC and wildcard certificates, any issues
That is one of the reasons I do not bother since long with public CAs
but rather deploy my own, including own OSCP responder.
Which has of course has some drawbacks like redundancy, resilience,
bandwidth provision, geographical spread, implementing CA security
standards and CA trust in clients. Latter though could be easily
overcome if browser and email clients were to support DNSSEC/DANE
2018 Jul 30
0
dovecot 2.3.x, ECC and wildcard certificates, any issues
> On 30 July 2018 at 19:16 David Mehler <dave.mehler at gmail.com> wrote:
>
>
> Hello,
>
> Does dovecot 2.3.x have any issues recognizing or using certificates
> that are ECC and wildcard? I'm trying to switch my letsencrypt
> implementation from acme-client which does not support either of those
> capabilities to acme.sh which does. Since then external
2011 Oct 09
1
using ecc-certificates (ellyptic curve) will not establish connection
hi
I want to use ECC(ellyptic curve cryptography) for SSL-connections but somehow dovecot doesn't like my ECC-certificates :(
I tried to test using following scenario:
machine:
debian 6 (x64)
dovecot 2.0.15-0~auto+21 ((f6a2c0e8bc03) from http://xi.rename-it.nl/debian
openssl 1.0.0e-2 from testing (as the default 0.9.8o-4squeeze3 needs also the parameter -cipher ECCdraft for testing)
2017 Mar 03
3
letsencrypt
Hello,
Thanks. Is there another way of doing this? I've got a web server
running on 80 and 443. Are there any other options?
Thanks.
Dave.
On 3/3/17, Michael Neurohr <mine at michi.su> wrote:
> On 2017-03-03 19:07, David Mehler wrote:
>> Hello,
>>
>> I know some users here are using letsencrypt for their CA. If this is
>> to off topic write me privately.
2017 Jan 04
3
Dovecot dsync tcps sends incomplete certificate chain
Hi,
I'm trying to configure a Dovecot dsync service between two servers, using a tcp+ssl connection and
a valid Let's Encrypt certificate.
I followed the guide on the wiki (http://wiki.dovecot.org/Replication) using the tcps method, but
when I launch the replication it fails writing on the log (/var/log/mail.err):
(Server 1 - sync "client" )| Error: sync: Disconnected from
2020 Apr 19
2
Dovecot and thunderbird authentication issue?
Hello,
I'm using Dovecot 2.2, Postfix 3.5, and am atempting to get the latest
version of Thunderbird to work. I tried account autoconfig which did
not work, so I had to manually enter information and correct other
information. On my server dovecot supports plane and login
authentication methods but only over starttls i've got a letsencrypt
certificate. My thunderbird configuration looks
2018 Aug 31
8
Certificates
Leo,
>> I would like to obtain an ssl certificate, so I can run my own imap server on a machine in my office.
>> I am assuming I'll need to pay a CA to generate what I need, but
>> I'm confused about what I need. I am running dovecot at teh moment,
>> but my clients (iphone, windows laptops) say my ssl connection is
>> not trusted. The phone just won't
2018 Jun 16
2
wildcard certificate
On 06/15/2018 06:11 PM, Keith Keller via CentOS wrote:
> You've already got the cert so it's not totally relevant, but in the
> future you can consider using Let's Encrypt. They won't distribute
> wildcard certs but unless you have lots of subdomains you can simply
> request a cert for every domain you need.
2018 Apr 02
4
multi-site SSL certificates
I'm handling mail for several domains, let's call them a.com, b.com,
and c.com. I have certificates for each of these domains individually
via certbot (letsencrypt) and nginx is happy with all of that.
Since I initially configured the site to handle mail only for a.com,
my /etc/postfix/main.cf file currently has these two lines:
smtpd_tls_cert_file =
2020 May 25
2
How to make IMAPS SSL Cert for Dovecot that works with Thunderbird
s_client: Option unknown option -trace
***
x509: Unknown parameter text
On 5/25/20 11:49 AM, Aki Tuomi wrote:
> Hi!
>
> Can you do
>
> openssl x509 text -noout </etc/letsencrypt/live/...../fullchain.pem
>
> and check these things:
>
> your server hostname isn included in SubjectAlternativeNames, and that the cert hasn't got MUST-STAPLE attribute? You can see
2018 Jul 31
0
dovecot 2.3.x, ECC and wildcard certificates, any issues
On 2018-07-30 19:45, ????? wrote:
> That is one of the reasons I do not bother since long with public CAs
> but rather deploy my own, including own OSCP responder.
May I ask, how you create a CA which is valid for clients without them
having to install your root cert?
Cheers,
K. C.
--
regards Helmut K. C. Tessarek KeyID 0x172380A011EF4944
Key fingerprint = 8A55 70C1 BD85
2019 Sep 07
2
Multiple certificate option
Thanks Michael I will check with the free cert lets encrypt to test it.
Remo
> Il giorno 7 set 2019, alle ore 02:09, Michael Hallager via dovecot <dovecot at dovecot.org> ha scritto:
>
> ?On 2019-09-07 12:25, remo--- via dovecot wrote:
>> What is the best way to adopt multiple certs?
>> Thanks.
>
> /etc/dovecot/conf.d/10-ssl.conf
>
> Primary SSL
2019 Sep 13
2
Multiple certificate option SNI
Hi
I have some problem with SNI and dovecot 2.2.36.4
Server debian 9.x ad dovecot-2.2.36.4
default server ssl cert is a wildcard like *.domain.com (digicert)
ssl_ca = /var/control/cert.pem
ssl_cert = </var/control/cert.pem
I added for test another domain (in dns to) for another ssl (letsencrypt)
from https://wiki.dovecot.org/SSL/DovecotConfiguration
like:
local_name
2018 Aug 29
3
SNI Dovecot
Hi all,
I'm testing the SNI configuration from dovecot's wiki page, to have multiple domains.
I'm using letsencrypt certificates.
On the 10-ssl.conf, when I only use one domain, like this, it works :
ssl_ca = </etc/letsencrypt/live/mail.mydomain.fr/chain.pem
ssl_cert = </etc/letsencrypt/live/mail.mydomain.fr/cert.pem
ssl_key =