Re: STARTTLS issue with sieve

2017-07-12 Thread Andreas Oster
On 08.07.2017 at 23:10, Heiko Schlittermann wrote: Andreas Oster (Fr 07 Jul 2017 08:15:05 CEST): Hi all, I am currently struggling with an odd sieve/Pigeonhole issue. Some weeks ago I had to replace our dovecot certificate due to expiration. In the past I did use a

Re: STARTTLS issue with sieve

2017-07-12 Thread Andreas Oster
On 07.07.2017 at 08:15, Andreas Oster wrote: Hi all, I am currently struggling with an odd sieve/Pigeonhole issue. Some weeks ago I had to replace our dovecot certificate due to expiration. In the past I did use a self-signed certificate, but because we now have a little openssl based CA I

Re: STARTTLS issue with sieve

2017-07-10 Thread Alexander Dalloz
On 10.07.2017 at 08:52, Heiko Schlittermann wrote: Andreas Oster (Mo 10 Jul 2017 08:23:17 CEST): … Hello Heiko, removing the CA and intermediate certificates from the server certificate and adding the CA certs to the ca-certificates.crt resolved my issue. According

Re: STARTTLS issue with sieve

2017-07-10 Thread Heiko Schlittermann
Andreas Oster (Mo 10 Jul 2017 08:23:17 CEST): … > Hello Heiko, > > removing the CA and intermediate certificates from the server certificate > and adding the CA certs to the ca-certificates.crt resolved my issue. According to what Peter wrote, I'd put the root CA to your

Re: STARTTLS issue with sieve

2017-07-10 Thread Andreas Oster
On 08.07.2017 at 23:10, Heiko Schlittermann wrote: Andreas Oster (Fr 07 Jul 2017 08:15:05 CEST): Hi all, I am currently struggling with an odd sieve/Pigeonhole issue. Some weeks ago I had to replace our dovecot certificate due to expiration. In the past I did use a

Re: STARTTLS issue with sieve

2017-07-09 Thread Peter
On 10/07/17 04:48, Heiko Schlittermann wrote: > Alexander Dalloz (So 09 Jul 2017 13:14:56 CEST): > … >> It is wrong to send the root CA along with the intermediate and server >> certificates. The root CA cert must be in the CA trust bundle of the client. > > I wouldn't say it

Re: STARTTLS issue with sieve

2017-07-09 Thread Heiko Schlittermann
Roger Klorese (So 09 Jul 2017 18:49:27 CEST): > But if it won’t trust that copy, that invalidates the chain, right? For my understanding (I may be wrong) the client needs to trust one element of the chain, be it the certificate itself, or its signer or the root of the

Re: STARTTLS issue with sieve

2017-07-09 Thread Roger Klorese
But if it won’t trust that copy, that invalidates the chain, right? On Sun, Jul 9, 2017 at 9:48 AM Heiko Schlittermann wrote: > Alexander Dalloz (So 09 Jul 2017 13:14:56 CEST): > … > > It is wrong to send the root CA along with the intermediate and

Re: STARTTLS issue with sieve

2017-07-09 Thread Heiko Schlittermann
Alexander Dalloz (So 09 Jul 2017 13:14:56 CEST): … > It is wrong to send the root CA along with the intermediate and server > certificates. The root CA cert must be in the CA trust bundle of the client. I wouldn't say it is wrong. But it should be useless, as the client won't

Re: STARTTLS issue with sieve

2017-07-09 Thread Alexander Dalloz
On 08.07.2017 at 23:10, Heiko Schlittermann wrote: As it seems, Pigeonhole sends you the full cert chain: *** Starting TLS handshake - Certificate type: X.509 - Got a certificate list of 3 certificates. - Certificate[0] info: - subject `C=DE,ST=Baden-Wuerttemberg,L=Ettlingen,O=NOVA

Re: STARTTLS issue with sieve

2017-07-08 Thread Heiko Schlittermann
Andreas Oster (Fr 07 Jul 2017 08:15:05 CEST): > Hi all, > > I am currently struggling with an odd sieve/Pigeonhole issue. Some weeks ago > I had to replace our dovecot certificate due to expiration. In the past I > did use a self-signed certificate, but because we now have