submission proxy -- where to config/present client cert?
PGNet Dev
pgnet.dev at gmail.com
Mon Jul 20 18:09:09 EEST 2020
On 7/20/20 4:42 AM, Siavash Tavakoli wrote:
>
> On 19/07/2020 18:18, PGNet Dev wrote:
>>
>> What in my dovecot submission config^^ do I need to change/add to get it to 'present' a client cert to the postfix relay for client cert verification?
>>
>
> Submission uses the global outgoing ssl settings:
>
> https://doc.dovecot.org/settings/core/#ssl-client-cert
> https://doc.dovecot.org/settings/core/#ssl-client-key
well _that_ should have been obvious ... sigh.
works perfectly.
thx!
it might be useful to have those client cert/key mentioned in the 'example' 10-ssl.conf,
grep ssl_client conf.d/10-ssl.conf
# RedHat-based systems. Note that ssl_client_ca_file isn't recommended with
#ssl_client_ca_dir =
#ssl_client_ca_file =
#ssl_client_require_valid_cert = yes
and, a minor typo @ https://doc.dovecot.org/settings/core/#ssl-client-key
ssl_client_key
Default: <empty>
Client certificate private key used in outgoing SSL connections.
Example Setting:
ssl_client_cert = </etc/dovecot/dovecot-client.crt
should be
- ssl_client_cert = </etc/dovecot/dovecot-client.crt
+ ssl_client_key = </etc/dovecot/dovecot-client.key
thanks again!
More information about the dovecot
mailing list