[Dovecot] IMAPS: Disable SSL connection without client certificate

Ireneusz Szcześniak irek.szczesniak at gmail.com
Sat Jun 29 09:38:29 EEST 2013


Thanks for your email.  Yes, I looked at that website before.
I'm using these options with Dovecot 2.1.8, among others:

auth_ssl_require_client_cert = yes
ssl_verify_client_cert = yes
ssl_ca = </etc/ssl/certs/cacertcrl.pem

On 28.06.2013 23:34, Reindl Harald wrote:
>
> Am 28.06.2013 23:31, schrieb Ireneusz Szcześniak:
>> I've been using Dovecot 2.1.8 on OpenBSD 5.2 i386 for about a month. It works great.  Dovecot serves IMAPS only,
>> and I'm using Thunderbird to access my mail.
>>
>> I configured Dovecot to allow clients that present a valid certificate when establishing an SSL connection.  I
>> configured my Thunderbird for an SSL/TLS connection with normal password.  It works fine.
>>
>> However, with my config anybody can connect to my server without presenting a certificate
>
> google "dovecot ssl client certificate" leads to
> http://wiki.dovecot.org/SSL/DovecotConfiguration
>
> well, this is for dovecot 1.x, but have you tried it?
>
> Client certificate verification/authentication
> If you want to require clients to present a valid SSL certificate, you'll need these settings:
>
> ssl_ca_file = /etc/ssl/ca.pem
> ssl_verify_client_cert = yes
> auth default {
>    ssl_require_client_cert = yes
>    ..
> }

-- 
Ireneusz (Irek) Szczesniak
http://www.irkos.org

