[Dovecot] signing dovecot certs with own Cert. Auth.
Timo Sirainen
tss at iki.fi
Fri Sep 23 15:16:37 EEST 2005
On Tue, 2005-09-20 at 13:24 -0400, John Peacock wrote:
> blaq b0x wrote:
> > I'm trying to get apache, sendmail, and dovecot to
> > use SSL certs signed by my own CA. I've got the apache
> > certs working fine.
>
> Did you remember to tell Dovecot what CA was used to sign the cert? You
> should have already extracted the trusted root public key for Apache's
> usage, so you should change this line:
>
> > # File containing trusted SSL certificate authorities. Usually not needed.
> > #ssl_ca_file =
>
> to point to the CA's trusted root file. SSL certs must have the entire
> chain available in order to be trusted.
Actually that's needed. Client cares about the CA, server doesn't. The
above setting is used only when checking if client presented a valid
certificate under the CAs given in that file, and use that in
authentication checks. Most clients don't support this at all.
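An added example, not part of the original thread: the reply says the client is the side that cares about the CA, and this sketch checks a server certificate the way such a client would, with and without the private CA's certificate available. It assumes the `openssl` command-line tool (1.1.0 or later); the CA name, host name and throwaway keys are constructed for the demonstration.

```shell
#!/bin/sh
# Constructed test PKI: "Example Test CA" and mail.example.test are made-up names.

make_pki() {    # $1 = work directory
    d=$1
    # Self-signed root certificate for the private CA.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Example Test CA" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null || return 1
    # Server key and signing request, then the CA signs the request.
    openssl req -newkey rsa:2048 -nodes -subj "/CN=mail.example.test" \
        -keyout "$d/server.key" -out "$d/server.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$d/server.csr" -days 1 \
        -CA "$d/ca.pem" -CAkey "$d/ca.key" -CAcreateserial \
        -out "$d/server.pem" 2>/dev/null
}

# A client that has imported the CA certificate: chain verification succeeds.
client_with_ca() {       # $1 = CA certificate, $2 = server certificate
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# A client that has never seen the CA: same certificate, verification fails.
client_without_ca() {    # $1 = server certificate
    openssl verify -no-CAfile -no-CApath "$1" >/dev/null 2>&1
}

# What the server itself needs: a certificate and the private key that matches it.
key_matches_cert() {     # $1 = certificate, $2 = private key
    a=$(openssl x509 -in "$1" -noout -pubkey | openssl sha256)
    b=$(openssl pkey -in "$2" -pubout | openssl sha256)
    [ "$a" = "$b" ]
}

work=$(mktemp -d)
if make_pki "$work"; then
    client_with_ca "$work/ca.pem" "$work/server.pem" \
        && echo "client with CA imported: certificate trusted"
    client_without_ca "$work/server.pem" \
        || echo "client without the CA: certificate rejected"
    key_matches_cert "$work/server.pem" "$work/server.key" \
        && echo "server side: key matches certificate"
fi
rm -rf "$work"
```
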