2.3.17 update breaks dsync over tcps: Received invalid SSL certificate unable to get certificate CRL
Salatiel Filho
salatiel.filho at gmail.com
Fri Nov 12 21:19:00 UTC 2021
Hi,
I have updated dovecot from 2.3.16 (working flawless ) to 2.3.17 (
both Centos8 - community repo ) . Now dsync does not work anymore,
logs shows:
dovecot[30398]: doveadm(vmail): Error: Disconnected from remote:
Received invalid SSL certificate: unable to get certificate CRL:
/CN=imap.signed.with.my.own.ca(check ssl_client_ca_* settings?)
I have a certificate signed by my "own CA". Both hosts trust my CA,
and as I told previously, the configuration works just fine on 2.3.16.
I really was not expecting that a minor update would break things, but
2.3.17 appears to have broken the setup for some people here in the
maillists.
Is there a workaround for this? I have tried to set ssl_require_crl =
no , but nothing changed.
I have:
service doveadm {
inet_listener {
port = 26
ssl = yes
}
}
ssl = required
ssl_ca = </etc/ssl/certs/mail-cluster-communication_ca.pem
ssl_cert = </etc/ssl/certs/mail-cluster-communication.crt
ssl_key = # hidden, use -P to show it
Thanks!
Atenciosamente/Kind regards,
Salatiel
More information about the dovecot
mailing list