[Dovecot] client cert handling not working properly on centos 4.8
zhong ming wu
mr.z.m.wu at gmail.com
Sun Feb 28 04:45:42 EET 2010
Dear List
I've successfully installed/configured dovecot 1.2.10 with "require
client cert" on centos 5.4 and ubuntu server 9.10.
I also need to install on centos 4.8, and after following the exact
same procedure I can only get it working
if I comment out ssl_require_client_cert = yes and
ssl_username_from_cert = yes from the working config file.
This is even after compiling dovecot with openssl 0.9.8l on centos 4.8.
If I copy the same "client_ca.crt" from centos 4.8 to centos 5.4, then
centos 5.4 has no problem verifying the client cert.
That file contains the CRL as well as the certificate which signs the pkcs12
file installed on the client.
The following log entries do not appear on centos 5.4:
------------------
Feb 27 21:17:33 localhost dovecot: pop3-login: Invalid certificate:
unable to get certificate CRL: /C=US/ST=New York/L=Astoria/O=SnakeOil
Inc./OU=Email Administration/CN=web at example.com
Feb 27 21:17:33 localhost dovecot: pop3-login: Valid certificate:
/C=US/ST=NY/L=TEST/O=Internet Widgits Pty Ltd
-------------------
$ dovecot -n
# OS: Linux 2.6.9-89.0.20.EL i686 CentOS release 4.8 (Final) ext3
base_dir: /var/run/dovecot/
protocols: pop3
listen: 192.168.0.110
ssl_ca_file: /etc/pki/certs/dovecot/client_ca.crt
ssl_cert_file: /etc/pki/certs/vrane.com/pop.crt
ssl_key_file: /etc/pki/private/vrane.com/pop.key
ssl_parameters_regenerate: 29
ssl_verify_client_cert: yes
verbose_ssl: yes
login_dir: /var/run/dovecot//login
login_executable: /usr/libexec/dovecot/pop3-login
mail_location: maildir:/home/vmail/%d/%n
mail_executable: /usr/libexec/dovecot/pop3
mail_plugin_dir: /usr/lib/dovecot/pop3
auth default:
  user: squab
  debug: yes
  ssl_require_client_cert: yes
  ssl_username_from_cert: yes
  passdb:
    driver: passwd-file
    args: /etc/dovecot/shadow/%d
  userdb:
    driver: static
    args: uid=2000 gid=2000 home=/home/vmail/%d/%n
  socket:
    type: listen
    client:
      path: /var/spool/postfix/private/auth
      mode: 432
      user: postfix
      group: postfix