[Dovecot] SSL communication problems with client side.

Denis Iskandarov d.iskandarov at gmail.com
Mon Jun 13 20:10:46 EEST 2011


It's me again.
I got the idea that I need a CRL,
but I didn't understand where it should be located. (And yes, I read
the wiki, but still...)

From the config above you can see my cert locations:
ssl_ca = </etc/pki/CA/cacert.pem
ssl_cert = </etc/pki/CA/mail/mx.office.dev.crt
ssl_key = </etc/pki/CA/mail/mx.office.dev.key

So I ran the following commands for the CA cert and the mail cert:
openssl ca -gencrl -crldays 3650 -keyfile mail/mx.office.dev.key \
    -cert mail/mx.office.dev.crt -out mail/mx.office.dev.crl
openssl ca -gencrl -crldays 3650 -keyfile private/cakey.pem \
    -cert cacert.pem -out cacert.crl

So at that moment I had:
/etc/pki/CA/cacert.pem
/etc/pki/CA/cacert.crl
and
/etc/pki/CA/mail/mx.office.dev.crt
/etc/pki/CA/mail/mx.office.dev.crl

Still no luck... getting "Invalid certificate: unable to get certificate CRL:"
They are in PEM format, but I still renamed them to
"cacert.crl.pem" and "mx.office.dev.crl".

No luck....

Pleaseeeeee, how do I make this work?
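
Added example, not part of the original post: Dovecot's SSL documentation says the ssl_ca file should contain the CA certificate followed by its matching CRL in PEM format, and "unable to get certificate CRL" is OpenSSL's message when CRL checking is on and no CRL from the certificate's issuer is loaded. The script below reproduces that with "openssl verify -crl_check", first with the CA certificate alone and then with the CA's CRL appended. It assumes the openssl CLI is installed; the throwaway CA, subject names and file names are constructed for the demo.

```shell
#!/bin/sh
# Build a throwaway CA, one client certificate and the CA's CRL in directory $1.
# All names are constructed for this demo; nothing under /etc/pki is touched.
make_demo_pki() {
    (
        cd "$1" || exit 1
        openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Demo CA" \
            -keyout cakey.pem -out cacert.pem || exit 1
        openssl req -newkey rsa:2048 -nodes -subj "/CN=demo-client" \
            -keyout client.key -out client.csr || exit 1
        openssl x509 -req -in client.csr -CA cacert.pem -CAkey cakey.pem \
            -CAcreateserial -days 30 -out client.crt || exit 1
        # Minimal CA database and config, just enough for "openssl ca -gencrl".
        : > index.txt
        printf '[ca]\ndefault_ca = demo\n[demo]\ndatabase = %s/index.txt\ndefault_md = sha256\n' \
            "$PWD" > ca.cnf
        # The CRL is signed with the key and certificate of the issuing CA.
        openssl ca -config ca.cnf -gencrl -crldays 30 \
            -keyfile cakey.pem -cert cacert.pem -out cacert.crl || exit 1
    ) >/dev/null 2>&1
}

# Verify certificate $2 against CA file $1 with CRL checking enforced.
# Prints "OK", the missing-CRL reason, or the raw openssl output otherwise.
crl_check() {
    out=$(openssl verify -crl_check -CAfile "$1" "$2" 2>&1) || true
    case $out in
        *"unable to get certificate CRL"*) echo "unable to get certificate CRL" ;;
        *": OK"*) echo "OK" ;;
        *) echo "$out" ;;
    esac
}

demo() {
    d=$(mktemp -d) && make_demo_pki "$d" || return 1
    echo "CA only: $(crl_check "$d/cacert.pem" "$d/client.crt")"
    # ssl_ca-style bundle: CA certificate first, then that CA's CRL, both PEM.
    cat "$d/cacert.pem" "$d/cacert.crl" > "$d/ca-with-crl.pem"
    echo "CA + CRL: $(crl_check "$d/ca-with-crl.pem" "$d/client.crt")"
    rm -rf "$d"
}

demo
```

The same crl_check call can be pointed at a real ssl_ca file and a client certificate to see whether the bundle carries a usable CRL before restarting Dovecot.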

