SSL error
Alexander Dalloz
ad+lists at uni-x.org
Wed Nov 9 18:19:30 UTC 2022
Am 09.11.2022 um 18:30 schrieb hi at zakaria.website:
> On 2022-11-09 16:59, Alexander Dalloz wrote:
>> Am 09.11.2022 um 15:58 schrieb Ruben Safir:
>>> Hello
>>>
>>> I am getting this error and I have no idea why. openssh is upto date
>>
>> You have a self-signed certificate in place. The connecting client
>> cannot valide whether to trust to answering server.
>>
>> Alexander
>
> Try to run the following against the client certificate full chain and
> cert file:-
>
> ope nssl verify -CAfile fullchain.pem cert.pem
>
> if it did throw an error then try verifying with an updated CA
> certificates bundle directly from OS using the following which works
> with me in RHEL7:-
>
> y um reinstall ca-certificatesupdate-ca-trust
>
> Or if already installed.
>
> update-ca-trust.
>
> Given you are using a self signed certificate, I guess, you will have to
> append manually the CA certificate, which you've used to sign the self
> signed client certificate in CA bundle PEM file i.e. tls-ca-bundle.pem.
> Also, you will have to reference the CA file in dovecot using the
> following:-
>
> ssl_client_ca_file = /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
> ssl_verify_client_cert = yes
>
> Good luck.
>
> Zakaria.
That's pointless as the certificate hasn't been issued by Let's Encrypt.
Alexander
More information about the dovecot
mailing list