Quoting jean-christophe manciot <actionmystique@gmail.com>:
Hi everyone,
I'm trying to set up dovecot to accept only client certificates created with a private CA:
auth_ssl_require_client_cert = yes
ssl_verify_client_cert = yes
ssl_ca = </etc/ssl/CA_Certificate_CRL_bundle.pem
This is wrong, you should enter your private CA here. If
'ssl_verify_client_cert' is not set to 'yes', this field should
generally be empty / not configured.
At the same time, dovecot is set up with an SSL certificate created by a public CA (let's encrypt):
ssl = required
ssl_cert = </etc/ssl/fullchain.pem
ssl_key = </etc/ssl/key.pem
When I try to connect to the server with a client (evolution), I get a connection error: "Client did not present valid SSL certificate" except that it is valid.
As you probably already know, let's encrypt does not create client certificates. It seems that using a different CA for client certificates and for the server certificate is unsupported. Am I missing something?
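A way to check, outside Dovecot, which CA file a client certificate actually validates against. This is an added example, not part of the thread: the CA names, subjects and temporary paths are constructed, and `other-ca` only stands in for the public CA that issued the server certificate.

```shell
#!/usr/bin/env bash
# Constructed demo: every name, subject and path here is made up for the example.
set -eu
work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT

# make_ca <name>: create a throwaway self-signed CA (key + cert) under $work
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
    -keyout "$work/$1.key" -out "$work/$1.pem" 2>/dev/null
}

# issue_client <ca-name> <client-name>: sign a client certificate with that CA
issue_client() {
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$work/$2.key" -out "$work/$2.csr" 2>/dev/null
  openssl x509 -req -in "$work/$2.csr" -CA "$work/$1.pem" -CAkey "$work/$1.key" \
    -CAcreateserial -days 1 -out "$work/$2.pem" 2>/dev/null
}

# chains_to <ca-file> <cert>: succeeds only if the cert verifies against ca-file
chains_to() {
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

make_ca private-ca   # the CA that issues client certificates
make_ca other-ca     # stand-in for the CA behind the server certificate
issue_client private-ca alice

# The client certificate validates only against the CA that signed it,
# whichever CA issued the server's own certificate.
chains_to "$work/private-ca.pem" "$work/alice.pem" && echo "private-ca: client cert accepted"
chains_to "$work/other-ca.pem"   "$work/alice.pem" || echo "other-ca: client cert rejected"
```

On a real server the same `chains_to` call can be pointed at the file named in `ssl_ca` and at the certificate installed in the mail client.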