Indeed the problem was with ssl_ca_file. After your reply, I was able to fully understand how SSL authentication with X.509 certificates works with Dovecot.
Timo, keep up the great job you are doing with Dovecot. Thank you very much for your answer.
PS: I am working on a mini howto on this, and I would be happy to announce it on the list when it's complete (if that's OK with you).
Timo Sirainen wrote:
... openssl ca -gencrl -keyfile dovecot.key -cert dovecot.crt -out dovecot.crl -selfsign
What do you do with the dovecot.crl here? It's a client CRL and unless you add it to Dovecot's CRL list it's not necessary. Also the -selfsign is ignored.
... ssl_ca_file: /opt/certificates/dovecot/dovecot.crl
This is probably where the problem is. This file must contain the CA certificate and the CRL, not just the CRL. And initially the CRL should be empty.
...
Evaggelos Balaskas Unix System Engineer - http://ebalaskas.gr/wiki Informatics Engineer Technological Education
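
The requirement from Timo's reply above (the file given to ssl_ca_file must hold the CA certificate and the CRL, not the CRL alone) can be checked before Dovecot is restarted. The following is an added example, not part of the original message and not Dovecot code: the function names and sample data are made up for illustration, and the check looks only at PEM block structure, it does not parse the DER inside.

```python
import base64
import re

# PEM labels used for X.509 certificates and CRLs (RFC 7468).
CERT_LABEL = "CERTIFICATE"
CRL_LABEL = "X509 CRL"

PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----",
    re.DOTALL,
)


def pem_labels(text):
    """Return the label of every well-formed PEM block, in file order."""
    labels = []
    for label, body in PEM_BLOCK.findall(text):
        try:
            base64.b64decode("".join(body.split()), validate=True)
        except ValueError:
            continue  # body is not valid base64, so not a usable block
        labels.append(label)
    return labels


def check_ca_file(text):
    """List what is missing from the contents of a file meant for ssl_ca_file."""
    labels = pem_labels(text)
    problems = []
    if CERT_LABEL not in labels:
        problems.append("no CA certificate block")
    if CRL_LABEL not in labels:
        problems.append("no CRL block")
    return problems


def _block(label, payload):
    # Constructed sample data: the payload is placeholder bytes, not real DER.
    body = base64.b64encode(payload).decode()
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"


# The misconfiguration from the thread (CRL only) and the corrected layout.
CRL_ONLY = _block(CRL_LABEL, b"constructed placeholder CRL")
CA_AND_CRL = _block(CERT_LABEL, b"constructed placeholder CA cert") + CRL_ONLY

if __name__ == "__main__":
    print("CRL only  :", check_ca_file(CRL_ONLY))
    print("CA and CRL:", check_ca_file(CA_AND_CRL))
```

To check a real file, pass its contents to check_ca_file(); an empty list means both block types are present.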