Displaying 20 results from an estimated 5000 matches similar to: "Server certificate verification error with Dovecot 2.3.2.1"
2018 Sep 13
0
Server certificate verification error with Dovecot 2.3.2.1
On Wed, 12 Sep 2018, Robert Gill wrote:
> I'm attempting to upgrade my Dovecot installation to 2.3.2.1. My SSL
> certificate authority provides a bundle containing their CA, plus
> intermediate CAs, which I configure using the 'ssl_ca' option. The
> comments in the configuration file say to only set this when you're
> requiring client certificates, which I'm
2019 Aug 06
7
Upgrading to v2.3.X breaks ssl san?
2015 Oct 11
2
dovecot as proxy and verification of the backends certificate
Hello,
I'm using a dovecot as proxy, connecting to one or more backends.
The backends use X.509 certificates.
The proxy's passdb returns
extra fields:
user=foo
proxy
host=backend1.<domain>
ssl=yes
nopassword=y
Thus the proxy connects to the backend but can't verify the backends
certificate.
The following comment suggests using ssl_client_ca_file for
2012 Sep 17
1
Proxy connection timeouts
We are seeing a few (0-15) proxy failures like the following out of ~3m
successful proxied connections a day. Average session creation load over
our peak hour is about 47/sec. The backend servers aren't logging
anything that would suggest any internal problem like insufficient
processes to handle the load. It doesn't seem to happen when
utilization is lowest at night.
dovecot:
2018 Mar 30
1
Issue with a bug with imap-login
Hello,
Currently working on migrating our existing directors from 2.1.13 to
2.2.10. In 2.2.10 when issuing the logout command on an unauthenticated
connection, the connection is closed before the server sends the BYE
line to the client. The new version works as expected with a non-secure
connection. I will include the strace output from the imap-login process
that shows the connection closing
2018 May 21
1
SSL error after upgrading to 2.31
After upgrading to 2.31 I'm getting this error. Not sure what I'm doing
wrong.
No (No signatures could be verified because the chain contains only one
certificate and it is not self signed.)
ssl = yes
ssl_cert = </etc/exim/certs/ctyme.com.crt
ssl_key = </etc/exim/certs/ctyme.com.key
ssl_ca = </etc/exim/certs/ca.crt
local mail.ctyme.com {
? protocol imap {
??? ssl_cert =
2018 May 28
3
SSL error after upgrading to 2.31
On 28.05.2018 14:30, Hauke Fath wrote:
> On Mon, 28 May 2018 13:52:01 +0300, Aki Tuomi wrote:
>> I'm sure. But putting it as ssl_ca makes no sense, since it becomes
>> confused what it is for.
> I guess - I haven't had a need for client certs, and only ever used
> ssl_ca for the server ca chain.
>
>> We can try restoring this as ssl_cert_chain setting in
2015 Oct 13
0
dovecot as proxy and verification of the backends certificate
On 11 Oct 2015, at 20:04, Heiko Schlittermann <hs at schlittermann.de> wrote:
>
> Hello,
>
> I'm using a dovecot as proxy, connecting to one or more backends.
> The backends use X.509 certificates.
>
> The proxy's passdb returns
>
> extra fields:
> user=foo
> proxy
> host=backend1.<domain>
> ssl=yes
> nopassword=y
2015 Sep 21
4
Dovecot proxy ignores trusted root certificate store
On Mon, 21 Sep 2015, Edgar Pettijohn wrote:
> doveconf -n?
doveconf -n|grep ssl should suffice:
ssl = required
ssl_ca = </usr/local/share/certs/ca-root-nss.crt
ssl_cert = </path/to/my/file.pem
ssl_key = </path/to/my/file.pem
ssl_require_crl = no
I'm using "ssl_ca = </usr/local/share/certs/ca-root-nss.crt" as a
temporary workaround, even though this is not what
2018 May 21
2
SSL error after upgrading to 2.31
You forgot to cc the list.
ssl_ca is used only for validating client certificates.
---Aki TuomiDovecot oy
-------- Original message --------From: Marc Perkel <marc at perkel.com> Date: 21/05/2018 18:25 (GMT+02:00) To: Aki Tuomi <aki.tuomi at dovecot.fi> Subject: Re: SSL error after upgrading to 2.31
On 05/21/2018 07:54 AM, Aki Tuomi
wrote:
2018 Aug 29
3
SNI Dovecot
Hi all,
I'm testing the SNI configuration from dovecot's wiki page, to have multiple domains.
I'm using letsencrypt certificates.
On the 10-ssl.conf, when I only use one domain, like this, it works :
ssl_ca = </etc/letsencrypt/live/mail.mydomain.fr/chain.pem
ssl_cert = </etc/letsencrypt/live/mail.mydomain.fr/cert.pem
ssl_key =
2012 Sep 03
4
TIMO HELP! director ring wont stay connected
I've had 2x director ring up and running with production load on 2.1.8
with around 10,000 active connections for two weeks and everything has
been working great - until this morning.
There isn't anything obvious in the logs beyond the fact that the
director connections started bouncing. It was not resolved by reloads
or restarts or an upgrade to 2.1.9 (only the directors.)
I've
2019 Aug 08
1
Upgrading to v2.3.X breaks ssl san?
On Wed, 7 Aug 2019 20:24:13 +0300 (EEST), Aki Tuomi via dovecot wrote:
>> i thought ssl_ca is where to put the intermediate cert?
Well, it surely worked that way until v2.3...
> (Sorry for duplicate mail, keyboard acted up...)
>
> No, that has always been a mistake and it was fixed in 2.3. Our SSL
> pages in documentation & wiki have always recommended concatenating
>
2017 Mar 15
0
Unable to create needed folders
Greetings,
The log reports that a process cannot create the needed folders. Please review and tell me what I have done wrong.
dovecot 2.0.9
# 2.0.9: /etc/dovecot/dovecot.conf
doveconf: Warning: NOTE: You can get a new clean config file with: doveconf -n > dovecot-new.conf
doveconf: Warning: Obsolete setting in /etc/dovecot/dovecot.conf:85: protocol { ssl_listen } has been replaced by service
2017 Mar 15
0
FW: Unable to create needed folders
Never mind,
I am stupid and did not read all available information. Needed to change permissions on /var/mail/*
Thank You,
Ken Z
-----Original Message-----
From: Ken Zachreson
Sent: Wednesday, March 15, 2017 10:28 AM
To: 'dovecot at dovecot.org' <dovecot at dovecot.org>
Subject: Unable to create needed folders
Greetings,
The log reports that a process cannot create the needed
2012 Aug 09
1
looking for information on Vacation auto-reply
Hello
We are looking for information on how to use Vacation auto-reply .
I've read http://wiki2.dovecot.org/Pigeonhole/Sieve/Usage and a few
other pages, but have not found how to set it up.
We use sogo and thunderbird .
Is there a how to or document for this somewhere?
This is our configuration information:
dovecot -n
# 2.1.7: /etc/dovecot/dovecot.conf
# OS: Linux
2017 May 31
2
Bug with 2.2.29-1~auto+25 back to haunt me
> On May 31, 2017 at 6:10 PM Ralf Hildebrandt <Ralf.Hildebrandt at charite.de> wrote:
>
>
> * Ralf Hildebrandt <Ralf.Hildebrandt at charite.de>:
>
> > So I added
> > ssl_ca_file = /etc/ssl/certs/ca-certificates.crt
> >
> > But alas:
> > May 31 16:50:24 mproxy dovecot: config: Warning: Obsolete setting in
2017 May 31
2
Bug with 2.2.29-1~auto+25 back to haunt me
After upgrading from 2.2.28-1~auto+45 to 2.2.29-1~auto+25 I'm gettings
this:
May 31 16:44:31 mproxy dovecot: auth: Fatal: passdb imap: Cannot verify certificate without ssl_ca_dir or ssl_ca_file setting
May 31 16:44:31 mproxy dovecot: master: Error: service(auth): command startup failed, throttling for 8 secs
May 31 16:44:31 mproxy dovecot: imap-login: Disconnected: Auth process broken
2019 Apr 18
2
ssl_verify_server_cert against SAN?
2017 Jun 02
2
Bug with 2.2.29-1~auto+25 back to haunt me
> On June 1, 2017 at 1:42 PM Ralf Hildebrandt <Ralf.Hildebrandt at charite.de> wrote:
>
>
> * Aki Tuomi <aki.tuomi at dovecot.fi>:
>
> > > > So I added
> > > > ssl_ca_file = /etc/ssl/certs/ca-certificates.crt
> > > >
> > > > But alas:
> > > > May 31 16:50:24 mproxy dovecot: config: Warning: Obsolete setting