Please keep responses in list. rm -f /var/lib/dovecot/ssl-parameters.dat, i think it was in that dir.
On 2017-02-03 17:00, Thierry wrote:
Hi,
I have removed the '<' :
ssl_client_ca_file = /etc/ssl/certs/GandiCA2.pem
But now:
doveadm: Error: Corrupted SSL parameters file in state_dir: ssl-parameters.dat - disabling SSL 360 doveadm: Error: Couldn't initialize SSL parameters, disabling SSL doveadm: Error: Corrupted SSL parameters file in state_dir: ssl-parameters.dat - disabling SSL 360 doveadm: Error: Couldn't initialize SSL parameters, disabling SSL
Any idea ?
Thx
Yes. The ssl_client_ca_file is not actually expecting <, just file name. Aki
On 2017-02-03 15:13, Thierry wrote:
Hi,
I have made change:
ssl_protocols = !SSLv2 !SSLv3 ssl = required verbose_ssl = no ssl_key = </etc/ssl/private/private.key ssl_cert = </etc/ssl/certs/key.crt ssl_client_ca_file = </etc/ssl/certs/GandiCA2.pem
# Create a listener for doveadm-server service doveadm { user = vmail inet_listener { port = 12345 ssl= yes } }
and doveadm_port = 12345 // mail_replica = tcps:server2.domain.ltd # use doveadm_port
And now:
Feb 03 14:11:16 doveadm(user1@domain.ltd): Error: sync: Couldn't initialize SSL context: Can't load CA certs from directory : error:02001024:system library:fopen:File name too long Feb 03 14:11:17 doveadm: Error: Corrupted SSL parameters file in state_dir: ssl-parameters.dat - disabling SSL 360 Feb 03 14:11:17 doveadm: Error: Couldn't initialize SSL parameters, disabling SSL
Thx for your support
Le vendredi 3 février 2017 à 11:34:43, vous écriviez :
Hello, On 02/03/2017 08:51 AM, Thierry wrote:
Hello,
Still working with my dsync pb. I have done a clone (vmware) of my email server. Today I have two strictly identical emails servers (server1 (main) and server2 (bck) (except IP, hostname and mail_replica).
The ssl config on my both server:
ssl_protocols = !SSLv2 !SSLv3 ssl = required verbose_ssl = no ssl_key = </etc/ssl/private/private.key ssl_cert = </etc/ssl/certs/key.crt ssl_ca = </etc/ssl/certs/GandiStandardSSLCA2.pem I think it should be ssl_client_ca_file = </etc/ssl/certs/GandiStandardSSLCA2.pem for you. This config is working for my email client and my email web interface ...
Are they on the right order ?
mail_replica = tcps:server1@domain.ltd and tcps:server2@domain.ltd
There is trafic on my iptables rules on my both servers:
60 3600 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:4711
My error message from server1 (main server):
Feb 03 08:38:08 doveadm(user1@domain.ltd): Error: sync: Couldn't initialize SSL context: Can't verify remote server certs without trusted CAs (ssl_client_ca_* settings) Feb 03 08:42:35 doveadm(user2@domain.ltd): Error: sync: Couldn't initialize SSL context: Can't verify remote server certs without trusted CAs (ssl_client_ca_* settings) Feb 03 08:42:35 doveadm(user3@domain.ltd): Error: sync: Couldn't initialize SSL context: Can't verify remote server certs without trusted CAs (ssl_client_ca_* settings) Feb 03 08:42:35 doveadm(user4@domain.ltd): Error: sync: Couldn't initialize SSL context: Can't verify remote server certs without trusted CAs (ssl_client_ca_* settings)
No logs from server2
Any ideas ?
Thx for your support