I guess what I don't understand is why the IP address approach is more
attractive to you, and why you think the "public Internet" path is less good.
Best regards,
A
--
Please excuse my clumbsy thums
----------
On December 21, 2017 12:47:47 AM Joseph Ward <jbwli...@hilltopgroup.com> wrote:
Hi,
I have two servers (HA configuration) on which I'm attempting to get
replication working over SSL. They're at two different sites, but
connected via a site-site VPN.
Everything seems to be fine, except that the certificates are not
validating as I'm using IP addresses for the sync, as opposed to the
public hostnames for which the certificates are valid, and so I get the
following error:
doveadm(user@domain): Error: doveadm server disconnected before
handshake: SSL certificate doesn't match expected host name 10.x.x.x
I'm on Dovecot 2.2.33.
Is there any way to disable the certificate checking/validation for the
sync engine?
(
I'm aware of at least a couple of fallback options:
-have a self-signed cert for replication and use the Let's Encrypt
one for IMAP/POP
- create firewall rules allowing them to connect to each other over
the public internet so that it can validate the proper cert
These are both much less palatable than simply disabling the cert
validation if it's possible.
)
Thank you in advance for any assistance,
Joseph
