similar to: SSL fields as variables for SQL statements ...

Hi, I have, in one customer, a web server running on a Verisign-signed certificate SSL certificate. Everything works fine, IE and Firefox connects on https without asking anything, which usually happens on self-signed certificates. I'm trying to use that certificate on dovecot, but clients (Thunderbird basically) keeps saying the certificate is not valid. yes i'm using,

Can someone help me understand the overall picture of SSL certificates in this scenario? I have a working dovecot/postfix/mysql server. It has a certificate. I now want to create a second, essentially duplicate configured server for use with replication. What is the relationship between the certificate and the hostname, or the DNS entry since the certs are created using the server?s domain

Hello Timo, I'd like to check if my understanding of dovecot-1.2.x's SSL certificate handling is correct : SSL does not provide the server any mechanism to choose which certificate it must send relatively to the name the client is using. Thus, if you want to use different certificates, you have to listen to different addresses. This is an SSL limitation, not a dovecot nor

I thought I read somewhere that the hostnames on replicated dovecot servers had to be different. Is this simply the hostname you specify in the config for dovecot and can this be different than the actual unix hostname? Ethon B. > On Oct 11, 2017, at 11:04 PM, Anvar Kuchkartaev <anvar at anvartay.com> wrote: > > If you are using different hostname for each server then you need

On Thu, 14 Mar 2019 12:13:15 +0100 "Guido Goluke, MajorLabel via dovecot" <dovecot at dovecot.org> wrote: > Op 14-03-19 om 11:46 schreef mick crane via dovecot: > > Excuse dopey question. > > I'm not exactly clear about certificates. > > Apache2 default install has this snake oil certificate > > Can make a new one for apache > > Can make one

Hello, we're running RC2 and seeing a problem with the way SSL certs are handled by Dovecot. We've set ssl_verify_client_cert=yes and ssl_require_valid_client_cert=no. Using this setup we get (rather interesting) log entries like these: Jul 31 11:21:23 dev dovecot: imap-login: Invalid certificate: <user cert> Jul 31 11:21:23 dev dovecot: imap-login: Invalid certificate: <CA

Dear All This is my continuation of postfix setup. Following link http://campworld.net/thewiki/pmwiki.php/LinuxServersCentOS/Cent6VirtMailServerfor postfix setup. At one stage it says, Configuring The Server Setup SSL Certificate Now generate an SSL certificate for postfix and dovecot to have TLS support. Replace mail.example.com with your server hostname. > genkey --days 3650

Is there some reason to use a mail.domain.com cert for mail rarher than just using domain.com for everything? Historically the subdomain were used because they were on different hardware. That is www was on one machine and mail was on another. ? Original Message ? From: dovecot at dovecot.org Sent: March 14, 2019 3:56 PM To: dovecot at dovecot.org Reply-to: jtam.home at gmail.com

Excuse dopey question. I'm not exactly clear about certificates. Apache2 default install has this snake oil certificate Can make a new one for apache Can make one for dovecot Can make one for ssl Is there supposed to be the one (self signed ) certificate pair in one place for the machine that each process hands out ? Can they be moved to another machine ? mick -- Key ID C7D6E24C

Hello all, I''m trying to figure some things out with SSL and would appreciate some help or best practices here. I''m implementing auto scaling over Amazon EC2 for some services I have, all of the instances are based on the same AMI and I''m using Puppet to configure the hosts when they come up to make sure they have the latest configuration, also I''m using

Hi, In case of tl;dr: I fixed a bug in TLS support for LMTP which caused chained certificates not to work, and another one which caused certificate read errors to be ignored; the patches are attached to this email. While testing LMTP with TLS and certificate verification by Postfix I discovered that certificate chains are not exchanged properly when using LMTP, even though everything works fine

Hello, is possible in some way use on each ip address different certificate (for imap, for pop3). There are options like (but that is not enough for me): protocol imap { listen = *:10143 ssl_listen = *:10943 .. } protocol pop3 { listen = *:10100 .. } I have server for 4 domains (each has own ip address), so i need bind one ip address to one domain to one certificate(each certificate

Hi, I'm running a new dovecot 2.0.9 under Centos 6.4. I'm having an issue with SSL certificate not being accepted by the email client. I have my own CA and I have generated certificates for web usage without a problem. For imaps and pop3s what I did was generate a certificate for the hostname of my dovecot server and then cat that cert with the intermediate and root CA certificates. No

Good time of the day! My English is not very good, excuse me if I said something wrong. I use dovecot-2.1.16 on Gentoo Linux amd64. I need to setup dovecot (imap and pop3) for SSL and non-SSL connection simultaneously. For SSL connections client must submit a valid SSL certificate. Now SSL part of dovecot.conf looks like this: ----------------- ssl = yes ssl_cert =

In reading through the mailing list, this question seems to have come up before, but never quite answered. I bought a certificate from Digital Signature Trust which is a well known certificate authority. The reason I bought my certificate, was so that email clients connecting to my imaps server wouldn't be bothered with warnings of unrecognized certificate authority as they would see with a

Hi! I know this should be asked to the Openldap mailing list but: I?m trying to set up a Samba/ldap environment were the Samba server is separated from the ldap server. Everything seams to work on the ldap server and when I do a ldapsearch like this: ldapsearch -H ldap://l1.dbb.su.se/ -b dc=dbb,dc=su,dc=se ?x Everything works on both. But when I do: ldapsearch -H ldaps://l1.dbb.su.se/ -b

It's the top of chain CA cert, so browsers are being lazy and helpful to humans by (incorrectly, albeit) relying on the existing trust relationship. libcurl (et al) is not nearly as forgiving. On Sat, May 30, 2020 at 5:01 PM peter dalgaard <pdalgd at gmail.com> wrote: > > Odd. Safari has no problem and says certificate expires August 16 2020, but I also see the download.file

Hi I have set up dovecot with a self signed SSL certificate, created with the mkcert.sh script. Now I see the following in the log: pop3-login: SSL_accept() failed: error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate unknown [206.124.112.22] pop3-login: Disconnected: rip=206.124.112.22, lip=204.3.153.71, TLS handshake Is this caused by my self certified certificates. Or is it

Good time of the day! It is possible to setup dovecot with different requirements for SSL and non-SSL protocols? What would I like to do: pop3/imap non-SSL = allowed plain text authentication. pop3/imap with SSL = allowed plain text authentication with required valid SSL certificates. I need to allow access from any IP address for first group of users, which have valid SSL certificates. And

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi all, This question may be slightly OT for this list, but it does concern securing services on my FreeBSD servers :-) At the moment I have some existing (self-signed) SSL certs for Dovecot, Exim and Apache. It's mostly only me that uses them for now, but I'm planning on expanding that, so want to try and do things "right". My