[Dovecot] Dovecot with SSL Client Certification
Evaggelos Balaskas
ebalaskas at ebalaskas.gr
Mon Aug 3 22:10:18 EEST 2009
Indeed the problem was with ssl_ca_file.
After your reply, i was able to fully understand how ssl authentication
with x509 certificates works with dovecot.
Timo keep up the great job you are doing with dovecot.
Thank you very much for your answer.
PS: I am working on a mini howto on this, and i would be happy to
announce it on the list when it's complete (if that's ok with you)
Timo Sirainen wrote:
>> ...
>> openssl ca -gencrl -keyfile dovecot.key -cert dovecot.crt -out
>> dovecot.crl -selfsign
>
> What do you do with the dovecot.crl here? It's a client CRL and unless
> you add it to the Dovecot's CRL list it's not necessary. Also the
> -selfsign is ignored..
>> ...
>> ssl_ca_file: /opt/certificates/dovecot/dovecot.crl
>
> This is probably where the problem is. This file must contain the CA
> certificate and the CRL, not just the CRL. And initially the CRL should
> be empty.
>> ...
Evaggelos Balaskas
Unix System Engineer - http://ebalaskas.gr/wiki
Informatics Engineer Technological Education
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 261 bytes
Desc: OpenPGP digital signature
Url : http://dovecot.org/pipermail/dovecot/attachments/20090803/073b1dfb/attachment-0001.bin
More information about the dovecot
mailing list