[Dovecot] client certs with godaddy ssl cert

Harondel J. Sibble help at pdscc.com
Sun Oct 12 09:43:10 EEST 2008



On 29 Sep 2008 at 8:40, Rainer Frey (Inxmail GmbH) wrote:

> What is important: you can not self-sign each client certificate, but
> you need a CA with a self-signed root instead. I think you understand
> that already, just noting that for completeness. 
> Then you simply configure Dovecot as described in 
> http://wiki.dovecot.org/SSL/DovecotConfiguration
 
> To sum it up: ssl_cert_file is responsible for server side TLS/SSL and
> needs to contain the complete verification path for the server
> certificate. It has no influence on client certs. ssl_ca_file is used
> for client cert verification only, and does not need to cover the
> server certificate. 
 
Okay, got this mostly working, currently testing with a Nokia e61i smartphone 
and having a problem which I'm not quite clear on where it lies: phone issue, 
postfix issue or dovecot sasl issue.

Here's the problem: I can successfully authenticate to dovecot via imap using 
client certs, however when I attempt to send an email, that is giving me 
errors as follows:

Oct 11 23:09:40 server postfix/smtpd[25720]: xsasl_dovecot_handle_reply: auth 
reply: FAIL?1?reason=Client didn't present valid SSL certificate
Oct 11 23:09:40 server postfix/smtpd[25720]: warning: 
unknown[192.xxx.yyy.zzz]: SASL LOGIN authentication failed: Client didn't 
present valid SSL certificate
Oct 11 23:09:40 server postfix/smtpd[25720]: > unknown[192.xxx.yyy.zzz]: 535 
5.7.0 Error: authentication failed: Client didn't present valid SSL 
certificate

On the phone, there is only the self signed personal cert used to 
authenticate for imap. Postfix is set to authenticate using the same self 
signed CA, server cert and server key.

Any ideas on what I should look at next?

I've already wiped all the certs from both the server and the phone and 
recreated a new CA, but same problem occurs.

Kinda out of ideas, any suggestions?
-- 
Harondel J. Sibble 
Sibble Computer Consulting
Creating Solutions for the small and medium business computer user.
help at pdscc.com (use pgp keyid 0x3AD5C11D) http://www.pdscc.com
(604) 739-3709 (voice/fax)      (604) 686-2253 (pager)
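
The point made in the quoted reply above (client certificates must be issued by a CA with a self-signed root, and ssl_ca_file is what they are verified against) can be checked offline with openssl. This is an added example, not part of the original post or of Dovecot; the certificate names, subjects and temporary paths are constructed for illustration.

```shell
#!/bin/sh
# Added illustration. Every name, subject and path below is constructed.
WORK=$(mktemp -d)

# Self-signed root CA: ca.pem plays the role of the file ssl_ca_file points at.
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=Example Client CA" \
        -keyout "$WORK/ca.key" -out "$WORK/ca.pem" 2>/dev/null
}

# Client certificate issued (signed) by that CA. $1 = certificate name.
issue_client() {
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$1" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.csr" 2>/dev/null &&
    openssl x509 -req -in "$WORK/$1.csr" -days 30 \
        -CA "$WORK/ca.pem" -CAkey "$WORK/ca.key" -CAcreateserial \
        -out "$WORK/$1.pem" 2>/dev/null
}

# Client certificate signed only by its own key. $1 = certificate name.
self_signed_client() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$1" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}

# Succeeds only if $1.pem chains to the CA in ca.pem, which is the chain
# check a server performs on a presented client certificate.
chains_to_ca() {
    openssl verify -CAfile "$WORK/ca.pem" "$WORK/$1.pem" 2>/dev/null |
        grep -q ': OK$'
}

make_ca
issue_client phone-issued
self_signed_client phone-selfsigned
for name in phone-issued phone-selfsigned; do
    if chains_to_ca "$name"; then
        echo "$name: accepted by the CA in ca.pem"
    else
        echo "$name: rejected, not issued by the CA in ca.pem"
    fi
done
```

Running `openssl verify -CAfile` the same way against the real CA file and the certificate exported to the client shows whether that certificate was issued by the CA the server is configured to trust.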


