On 09/21/2015 05:11 PM, Alex Bulan wrote:
On Mon, 21 Sep 2015, Edgar Pettijohn wrote:
doveconf -n?
doveconf -n|grep ssl should suffice:
ssl = required
shouldn't it be:
ssl = yes
I was only aware of the choice of yes or no here, but I could be wrong.
ssl_ca = </usr/local/share/certs/ca-root-nss.crt
ssl_cert = </path/to/my/file.pem
ssl_key = </path/to/my/file.pem
ssl_require_crl = no
I'm using "ssl_ca = </usr/local/share/certs/ca-root-nss.crt" as a temporary workaround, even though this is not what ssl_ca is for. It happens to work, at least for now, but this is not a fix.
ssl_client_ca_file should be used instead, but it has no effect in proxy mode:
ssl_client_ca_file = /usr/local/share/certs/ca-root-nss.crt
This doesn't work either (and the Dovecot Wiki shows it used without "<"):
ssl_client_ca_file = </usr/local/share/certs/ca-root-nss.crt
And "ssl_require_crl = no" to silence "unable to get certificate CRL" log messages. I don't need it to check CRLs on the backend's certificate chain.