[Dovecot] SSL and certificate authorities.

Zach Bagnall zach.bagnall at bulletinwireless.com
Thu Nov 20 22:32:02 EET 2003


On Thu, 20 Nov 2003 18:28:51 +0200, Timo Sirainen <tss at iki.fi> wrote:
> What exactly does this patch do? Gives client a list of accepted CAs,
> but it doesn't look like it actually requires client to provide a
> valid certificate?

On Tue, 18 Nov 2003 11:03:08 +1300, James Tyson <james at giantrobot.co.nz>
wrote:
> Also, is there a configuration directive for dovecot to add the
> issuer's CA bundle similar to Apache's SSLCACertificateFile?

I'm no SSL expert, but I took the requested feature to be a way to "make
additional certificates available in order to complete a certificate
chain".

The Apache equivalent, SSLCACertificateFile, refers
(http://httpd.apache.org/docs-2.0/mod/mod_ssl.html#sslcacertificatefile)
to client authentication but that is just one use.

For example, Verisign 128 bit certs require an "intermediate
certificate" to be loaded into Apache to complete the chain and be
accepted by SSL clients. See
http://www.verisign.com/support/install/apache/v00g.html

The ssl_ca_file option is just that - a way to make extra certs
available when required.

Zach.