Dovecot dsync 'ssl_client_ca'
Thierry lenaigst at maelenn.org
Fri Feb  3 13:13:12 UTC 2017

Hi,
I have made a change:
ssl_protocols = !SSLv2 !SSLv3
ssl = required
verbose_ssl = no
ssl_key = </etc/ssl/private/private.key
ssl_cert = </etc/ssl/certs/key.crt
ssl_client_ca_file = </etc/ssl/certs/GandiCA2.pem
# Create a listener for doveadm-server
service doveadm {
  user = vmail
  inet_listener {
    port = 12345
    ssl= yes
  }
}
and  doveadm_port = 12345    // mail_replica = tcps:server2.domain.ltd # use doveadm_port
And now:
Feb 03 14:11:16 doveadm(user1 at domain.ltd): Error: sync: Couldn't initialize SSL context: Can't load CA certs from directory : error:02001024:system library:fopen:File name too long
Feb 03 14:11:17 doveadm: Error: Corrupted SSL parameters file in state_dir: ssl-parameters.dat - disabling SSL 360
Feb 03 14:11:17 doveadm: Error: Couldn't initialize SSL parameters, disabling SSL
Thx for your support
On Friday, 3 February 2017 at 11:34:43, you wrote:
> Hello,
> On 02/03/2017 08:51 AM, Thierry wrote:
>> Hello,
>>
>> Still working on my dsync problem.
>> I have done a clone (vmware) of my email server.
>> Today I have two strictly identical email servers (server1
>> (main) and server2 (bck)), except IP, hostname and mail_replica.
>>
>> The SSL config on both of my servers:
>>
>> ssl_protocols = !SSLv2 !SSLv3
>> ssl = required
>> verbose_ssl = no
>> ssl_key = </etc/ssl/private/private.key
>> ssl_cert = </etc/ssl/certs/key.crt
>> ssl_ca = </etc/ssl/certs/GandiStandardSSLCA2.pem
> I think it should be ssl_client_ca_file = 
> </etc/ssl/certs/GandiStandardSSLCA2.pem for you.
>>
>> This config is working for my email client and my email web
>> interface ...
>>
>> Are they in the right order?
>>
>> mail_replica = tcps:server1 at domain.ltd and tcps:server2 at domain.ltd
>>
>> There is traffic on my iptables rules on both of my servers:
>>
>> 60  3600 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:4711
>>
>>
>>
>> My error message from server1 (main server):
>>
>> Feb 03 08:38:08 doveadm(user1 at domain.ltd): Error: sync: Couldn't initialize SSL context: Can't verify remote server certs without trusted CAs (ssl_client_ca_* settings)
>> Feb 03 08:42:35 doveadm(user2 at domain.ltd): Error: sync: Couldn't initialize SSL context: Can't verify remote server certs without trusted CAs (ssl_client_ca_* settings)
>> Feb 03 08:42:35 doveadm(user3 at domain.ltd): Error: sync: Couldn't initialize SSL context: Can't verify remote server certs without trusted CAs (ssl_client_ca_* settings)
>> Feb 03 08:42:35 doveadm(user4 at domain.ltd): Error: sync: Couldn't initialize SSL context: Can't verify remote server certs without trusted CAs (ssl_client_ca_* settings)
>>
>> No logs from server2
>>
>> Any ideas ?
>>
>> Thx for your support
>>
>>
-- 
Regards,
 Thierry                            e-mail : lenaigst at maelenn.org
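
Added example, not part of the original post or of Dovecot: in dovecot.conf a value written as `<path` is replaced by the contents of that file, so a path-type setting such as `ssl_client_ca_file` written with `<` hands the PEM text to the SSL library as a file name, which is consistent with the "File name too long" error above. The check below flags that mix-up in either direction; `lint_dovecot_ssl`, `POSTED` and `FIXED` are hypothetical names, and the sample is constructed from the settings quoted in the post.

```python
import re

# In dovecot.conf, "key = <path" means "use the file's contents as the value".
# PEM-content settings need the "<"; path settings must be written without it.
CONTENT_SETTINGS = {"ssl_cert", "ssl_key", "ssl_ca"}
PATH_SETTINGS = {"ssl_client_ca_file", "ssl_client_ca_dir"}
SETTING_RE = re.compile(r"^\s*([A-Za-z0-9_]+)\s*=\s*(.*?)\s*$")


def lint_dovecot_ssl(conf_text):
    """Return (line_no, setting, problem) tuples for '<' misuse in SSL settings."""
    findings = []
    for line_no, raw in enumerate(conf_text.splitlines(), start=1):
        line = raw.split("#", 1)[0]  # simplification: treat '#' as a comment start
        match = SETTING_RE.match(line)
        if not match:
            continue
        key, value = match.groups()
        if key in PATH_SETTINGS and value.startswith("<"):
            findings.append((line_no, key,
                             "takes a path: '<' makes the PEM text the file name"))
        elif key in CONTENT_SETTINGS and value.startswith("/"):
            findings.append((line_no, key,
                             "takes contents: prefix the path with '<'"))
    return findings


# Constructed sample built from the settings quoted in the post.
POSTED = """\
ssl = required
ssl_key = </etc/ssl/private/private.key
ssl_cert = </etc/ssl/certs/key.crt
ssl_client_ca_file = </etc/ssl/certs/GandiCA2.pem
"""
# Same settings with the CA bundle given as a plain path.
FIXED = POSTED.replace("ssl_client_ca_file = <", "ssl_client_ca_file = ")

if __name__ == "__main__":
    for label, conf in (("posted", POSTED), ("fixed", FIXED)):
        print(label, lint_dovecot_ssl(conf) or "no findings")
```

Running it over the output of `doveadm config -n` would not help, because values read with `<` are already expanded there; feed it the configuration files themselves.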