On Thu, 2007-03-08 at 13:51 +0100, Leroy van Logchem wrote:
> Q1) I can't get ssl_verify_client_cert=yes working. The ssl key and cert are signed using our CA. Also the ssl_ca_file has a CRL appended (no revokes yet).
> Expected behavior: Stop the SSL (the client doesn't have a cert installed)
> Current behavior: Mail clients accept SSL and login succeeds. (both Evolution and Thunderbird).
> My bad? Please advise.

You'll also need to set ssl_require_client_cert=yes in the auth section. I added that now to ssl_verify_client_cert's comments.

> Q2) The next step, if dovecot blocks the client because of the verify_client_cert, how to create certs for OE, Evolution and Thunderbird?

I don't think most clients support SSL client certificates at all, although I know some people are using them with some clients. Maybe someone could add a list of the clients supporting them to the wiki.
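
The two settings from the reply, laid out as a Dovecot 1.0-style dovecot.conf fragment. This is an added example, not part of the original message; the file path and the `mechanisms` line are assumptions, so substitute your own values.

```conf
# Top level: SSL settings.
# CA certificate with the CRL appended, as described in the question.
# The path is a placeholder.
ssl_ca_file = /etc/ssl/example-ca-and-crl.pem

# Ask the client to send a certificate and verify it against ssl_ca_file.
# With only this setting, a client that presents no certificate can
# still connect and log in, which is the behavior reported in Q1.
ssl_verify_client_cert = yes

auth default {
  # Assumed here; keep whatever mechanisms you already use.
  mechanisms = plain

  # Make authentication fail unless the client presented a valid
  # certificate. This is the setting the reply says was missing.
  ssl_require_client_cert = yes
}
```

After reloading Dovecot, repeat the Q1 check: a login from a client with no certificate installed should now fail.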