Disable ssl validation for replication?

Joseph Ward jbwlists at hilltopgroup.com
Thu Dec 21 01:46:24 EET 2017


I have two servers (HA configuration) on which I'm attempting to get
replication working over SSL.  They're at two different sites, but
connected via a site-site VPN.

Everything seems to be fine, except that the certificates are not
validating as I'm using IP addresses for the sync, as opposed to the
public hostnames for which the certificates are valid, and so I get the
following error: 

doveadm(user at domain): Error: doveadm server disconnected before
handshake: SSL certificate doesn't match expected host name 10.x.x.x

I'm on Dovecot 2.2.33.

Is there any way to disable the certificate checking/validation for the
sync engine? 

I'm aware of at least a couple of fallback options:
    -have a self-signed cert for replication and use the Let's Encrypt
one for IMAP/POP
    - create firewall rules allowing them to connect to each other over
the public internet so that it can validate the proper cert
These are both much less palatable than simply disabling the cert
validation if it's possible.

Thank you in advance for any assistance,

More information about the dovecot mailing list