When using Auth policy server it doesn’t currently doesn’t support https.
In version 2.2.27: Policy server HTTP error: 9002 Couldn't initialize SSL context: Can't verify remote server certs without trusted CAs (ssl_client_ca_* settings) and in version 2.3.devel Policy server HTTP error: 9002 Requested https connection, but no SSL settings given dovecot.conf does have “ssl_client_ca_dir = /etc/ssl/certs” set. Looking around the source, http-client-settings are not given the ssl_ca_dir or ssl_ca_file setting from the config. Admittedly SSL tear up/down is little expensive per auth, but I think it maybe it should still work?
