Re: SSL error after upgrading to 2.31

2018-06-01 Thread Hauke Fath
On 05/30/18 10:41, A. Schulze wrote:
> In the third case an administrator has to provide files with certificates. And these files are required (by best practice)

Do you have any pointers to support such a strong statement?

> to include any chain-certificates excluding the self signed root.

Our

Re: SSL error after upgrading to 2.31

2018-05-30 Thread A. Schulze
Aki Tuomi:
> There is already ssl_client_ca, for verifying clients. ssl_ca verifies certs when dovecot is connecting somewhere.

For clarification: there is a third use case an admin may need intermediate certificates: And that's where dovecot acts as server providing imap/pop3/lmtp/sieve vi

Re: SSL error after upgrading to 2.31

2018-05-28 Thread Hauke Fath
On Mon, 28 May 2018 15:03:29 +0300, Aki Tuomi wrote:
>> Sounds good. How about (re)naming them ssl-{client,server}_ca?
>
> There is already ssl_client_ca, for verifying clients. ssl_ca verifies certs when dovecot is connecting somewhere.

So there's three? I had no idea...

Cheerio, hauke

Re: SSL error after upgrading to 2.31

2018-05-28 Thread Aki Tuomi
On 28.05.2018 14:30, Hauke Fath wrote:
> On Mon, 28 May 2018 13:52:01 +0300, Aki Tuomi wrote:
>> I'm sure. But putting it as ssl_ca makes no sense, since it becomes confused what it is for.
> I guess - I haven't had a need for client certs, and only ever used ssl_ca for the server ca chain.

Re: SSL error after upgrading to 2.31

2018-05-28 Thread Hauke Fath
On Mon, 28 May 2018 13:52:01 +0300, Aki Tuomi wrote:
> I'm sure. But putting it as ssl_ca makes no sense, since it becomes confused what it is for.

I guess - I haven't had a need for client certs, and only ever used ssl_ca for the server ca chain.

> We can try restoring this as ssl_cert_chain

Re: SSL error after upgrading to 2.31

2018-05-28 Thread Aki Tuomi
On 28.05.2018 13:05, Hauke Fath wrote:
> On 05/28/18 11:08, Aki Tuomi wrote:
>> On 28.05.2018 12:06, Hauke Fath wrote:
>>> On 05/21/18 17:55, Aki Tuomi wrote:
>>>> ssl_ca is used only for validating client certificates.
>>>
>>> But it was used (though not documented, IIRC) for validating se

Re: SSL error after upgrading to 2.31

2018-05-28 Thread Hauke Fath
On 05/28/18 11:08, Aki Tuomi wrote:
> On 28.05.2018 12:06, Hauke Fath wrote:
>> On 05/21/18 17:55, Aki Tuomi wrote:
>>> ssl_ca is used only for validating client certificates.
>>
>> But it was used (though not documented, IIRC) for validating server certs, too. Since intermediate CA certs are usually vali

Re: SSL error after upgrading to 2.31

2018-05-28 Thread Aki Tuomi
On 28.05.2018 12:06, Hauke Fath wrote:
> On 05/21/18 17:55, Aki Tuomi wrote:
>> ssl_ca is used only for validating client certificates.
>
> But it was used (though not documented, IIRC) for validating server certs, too. Since intermediate CA certs are usually valid a lot longer than the serve

Re: SSL error after upgrading to 2.31

2018-05-28 Thread Hauke Fath
On 05/21/18 17:55, Aki Tuomi wrote:
> ssl_ca is used only for validating client certificates.

But it was used (though not documented, IIRC) for validating server certs, too. Since intermediate CA certs are usually valid a lot longer than the server certs, having to concat the certs is awkward,

Re: SSL error after upgrading to 2.31

2018-05-21 Thread Aki Tuomi
You forgot to cc the list.

ssl_ca is used only for validating client certificates.

---
Aki Tuomi
Dovecot oy

Original message
From: Marc Perkel
Date: 21/05/2018 18:25 (GMT+02:00)
To: Aki Tuomi
Subject: Re: SSL error after upgrading to 2.31

On 05/21/2018 07:54

Re: SSL error after upgrading to 2.31

2018-05-21 Thread Aki Tuomi
Does ssl_cert file contain intermediates?

---
Aki Tuomi
Dovecot oy

Original message
From: Marc Perkel
Date: 21/05/2018 16:32 (GMT+02:00)
To: dovecot@dovecot.org
Subject: SSL error after upgrading to 2.31

After upgrading to 2.31 I'm getting this error. Not

SSL error after upgrading to 2.31

2018-05-21 Thread Marc Perkel
After upgrading to 2.31 I'm getting this error. Not sure what I'm doing wrong.

No (No signatures could be verified because the chain contains only one certificate and it is not self signed.)

ssl = yes
ssl_cert =