similar to: Problem reading SSL key

Not much of a noob, but I will try. I just configured httpd and installed mod_ssl and got my certificate from GoDaddy and put them on the server with ssl.conf pointing at them. I am getting this error: SSLCertificateFile: file '/etc/pki/tls/certs/enmu.edu.crt' does not exist or is empty It's a cute error. I have checked several times for misspellings, looked at the enmu.edu.crt

Hello, I'm using dovecot v2.0.21. According to http://wiki2.dovecot.org/SSL/DovecotConfiguration,dovecot 2.x supports different SSL certificate for different virtual hosts by using "local_name" directive, but I can't get it to work. When testing the certificate using "openssl s_client -connect domain.com:pop3s" I get the default certificate instead of

Dear All This is my continuation of postfix setup. Following link http://campworld.net/thewiki/pmwiki.php/LinuxServersCentOS/Cent6VirtMailServerfor postfix setup. At one stage it says, Configuring The Server Setup SSL Certificate Now generate an SSL certificate for postfix and dovecot to have TLS support. Replace mail.example.com with your server hostname. > genkey --days 3650

Hi, after switching from chan_sip to chan_pjsip, a device running Grandstream Wave leads to the following error message on the asterisk console: SSL SSL_ERROR_SSL (Handshake): Level: 0 err: <336109761> <SSL routines- ssl3_get_client_hello-no shared cipher> len: 0 peer: 10.10.20.29:43357 Something with the encryption must have changed with asterisk. How can I get the device to

> On 22/09/2020 21:00 PGNet Dev <pgnet.dev at gmail.com> wrote: > > > On 9/22/20 10:51 AM, Aki Tuomi wrote: > >>> > > > > Well, dovecot does not actually do any parsing for system-wide openssl.cnf. This sounds more like OpenSSL issue than dovecot issue. > > I've NO issue with that config/setting with any _other_ app -- whether in general

Hi, I recognised some funny behaviour on my server. IMAP clients which won't send an Server Name Indication (SNI) sometimes get the wrong certificate. I would expect that those clients always get the default certificate (of my new domain), instead in about 20 to 50% of connections the certificate of my old domain will be presented. (sample rate was 3 times 30 connections) Clients sending SNI

I've dovecot --version 2.3.10.1 (a3d0e1171) openssl version OpenSSL 1.1.1g FIPS 21 Apr 2020 , atm on Fedora32. I configure /etc/pki/tls/openssl.cnf to set preferences for apps' usage, e.g. Postfix etc; Typically, here cat /etc/pki/tls/openssl.cnf openssl_conf = default_conf [default_conf] ssl_conf = ssl_sect [ssl_sect] system_default = system_default_sect

When I install an SSL certificate, I can't find a config option to set configure the Server Certificate Chain file... Is this not possible or can I do it another way? (When I connect, I am being told the Signature status is uncheckable...) Regards, BTJ -- ----------------------------------------------------------------------------------------------- Bj?rn T Johansen btj at havleik.no

On 01.10.2019 14:06, Rowland penny via samba wrote: > On 01/10/2019 12:51, Arkadiusz Karpi?ski wrote: >> >> On 30.09.2019 20:03, Rowland penny via samba wrote: >>> On 30/09/2019 18:06, akarpinski wrote: >>>> Samba version is 4.10.7 >>>> >>>> smb.conf: >>>> >>>> # Global parameters >>>> [global]

-rw-r--r--. root root unconfined_u:object_r:home_root_t:s0 /etc/pki/dovecot/private/mailserver.crt > On Oct 8, 2017, at 12:03 AM, Bill Shirley <bill at KnoxvilleChristian.org> wrote: > > What does ls -lZ /etc/pki/dovecot/private/mailserver.crt say? > > Bill > > On 10/7/2017 7:30 PM, SH Development wrote: >> I have a working dovecot/postfix/mysql server running

I changed some of the tls options following the document, now config is following: tokeninfo_url = https://keycloak.com/auth/realms/mail/protocol/openid-connect/token introspection_url = https://dovecot:7598e21b-ec34-481f-80d0-059bddae0923 at keycloak.com/auth/realms/demo/protocol/openid-connect/token/introspect introspection_mode = post debug = yes rawlog_dir = /tmp/oauth2 #force_introspection

On 06/12/2019 20:54, Aki Tuomi via dovecot wrote: > Hi! > > It seems there is a bug in the oauth2 driver, it loads the cert files wrong way. I'll make an internal bug report of this. Tracking as DOP-1590. Regards, Stephan. >> On 06/12/2019 16:42 mizuki <mizuki0621 at gmail.com> wrote: >> >> >> Hi, >> >> For troubleshooting purposes, I

Hello, I do vulnerability test on my infrastructure, and I get report about weak ciphers on samba services, is it possible to set stronger ciphers for samba? On old samba3 that was possible to set "ssl ciphers" in smb.conf, but now I don't see any documentation how to change it. Is it possible, if so, how? -- Arkadiusz Karpi?ski Efinity Sp. z o.o. 02-672 Warszawa, ul.

Hello, I have 2 Dovecot 2.3.8 servers running SSL with valid wildcard certificates. Email clients connect fine, https://www.immuniweb.com/ssl/ tests show certificates are ok. However I can't make replication work when I add ssl = yes. Without ssl it works ok. I added verbose_ssl in config and error log shows: dovecot: doveadm(149.x.x.x): Error: SSL handshake failed: SSL_accept()

I have a working dovecot/postfix/mysql server running and was trying to set up another one for replication purposes. If I copy my certificates from the working server, everything works fine. However, I purchased another updated certificate for the replication server, and I cannot get dovecot to start up. Keep getting: doveconf: Fatal: Error in configuration file /etc/dovecot/dovecot.conf line

Even though it seems dovecot (using 2.2.33.1) supports haproxy's send-proxy-v2, it seems to lack send-proxy-v2-ssl (which also sends client's ssl state). It would be a nice feature for the backend server to identify clients so one wouldn't have to use disable_plaintext_auth on a production environment. --- haproxy.cfg frontend pop3 bind [::]:110 v4v6 bind

On 09/03/16 10:44, Florent B wrote: > Hi, > > I don't see any SSL configuration option in Dovecot to disable > "Client-initiated secure renegotiation". > > It is advised to disable it as it can cause DDoS (CVE-2011-1473). > > Is it possible to have this possibility through an SSL option or other ? > > Thank you. > > Florent ssl_protocols = !SSLv3

Sure, and thanks for trying to help! These are the two correct answers when SNI is included. The certificates are fully chained. Both certificates carry the same subject mail.cs.sbg.ac.at but differ in Subject Alternative Name (SAN). X509v3 Subject Alternative Name:? ? DNS:mail.cs.sbg.ac.at, DNS:smtp.cs.sbg.ac.at, DNS:imap.cs.sbg.ac.at, DNS:pop.cs.sbg.ac.at X509v3 Subject Alternative Name:? ?

On Thu, Mar 10, 2016 at 12:30 PM, Osiris <dovecot at flut.demon.nl> wrote: > On 09-03-16 13:14, djk wrote: >> On 09/03/16 10:44, Florent B wrote: >>> Hi, >>> >>> I don't see any SSL configuration option in Dovecot to disable >>> "Client-initiated secure renegotiation". >>> >>> It is advised to disable it as it can

Hi all, We'd like to enable OAuth with Keycloak in Dovecot, after enabling 'OAUTHBEARER XOAUTH2' in Dovecot based on online document, I can confirm Dovecot is ready for OAuth using openssl command, however when the auth request comes in, it failed in establishing a SSL connection with Keycloak server on port 443, shown as following in debug logs. I can confirming using commands