I would like to use Client certificate verification/authentication.
My MTA used this function.
I have a problem making a valid certificate.
For my MTA I used:

    openssl req -new -nodes -x509 -keyout user_key.pem -out user_req.pem -days 365
    openssl ca -out user_signed.pem -infiles user_req.pem
    openssl pkcs12 -in user_signed.pem -inkey user_key.pem -out user.p12 -export -name "user@hotsname"

user.p12 matches in my MTA.
Not in Dovecot... In my log, I simply have:

    dovecot: auth(default): Client didn't present valid SSL certificate
Also, in the documentation:

"The username is taken from the subject's DN's CommonName (http://wiki.dovecot.org/CommonName) field (using OpenSSL's X509_NAME_get_text_by_NID() function)."

But when I used

    openssl req -new -nodes -keyout user_key.pem -out user_req.pem -days 365

my common name is my hostname, not my username. I don't think that the option -name user@hostname (in manpage openssl :: -name is friendly name)...
Sorry but it's ambiguous for me...
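
A client certificate whose subject CommonName carries the login name, signed by a throwaway test CA and then checked, as an added example that is not part of the original post. The file names, the CA name "Example Test CA" and the user "alice" are constructed for illustration.

```shell
#!/bin/sh
# Added example: file names, CA name and the user "alice" are constructed.
set -eu

# Build a test CA and a client certificate whose subject CN is the login name.
# $1 = working directory, $2 = username to place in CommonName.
make_client_cert() {
    dir=$1; user=$2
    # Self-signed test CA; the server must be told to trust this certificate.
    openssl req -new -x509 -nodes -newkey rsa:2048 -days 365 \
        -subj "/CN=Example Test CA" \
        -keyout "$dir/ca_key.pem" -out "$dir/ca_cert.pem" 2>/dev/null
    # Client key and CSR. No -x509 here, so the output is a request,
    # not a self-signed certificate. -subj sets the CN explicitly.
    openssl req -new -nodes -newkey rsa:2048 \
        -subj "/CN=$user" \
        -keyout "$dir/user_key.pem" -out "$dir/user_req.pem" 2>/dev/null
    # Sign the request with the CA key.
    openssl x509 -req -in "$dir/user_req.pem" -days 365 \
        -CA "$dir/ca_cert.pem" -CAkey "$dir/ca_key.pem" -CAcreateserial \
        -out "$dir/user_signed.pem" 2>/dev/null
}

# Print the subject CommonName of a certificate (single-RDN subjects as built above).
cert_cn() {
    openssl x509 -in "$1" -noout -subject -nameopt RFC2253 |
        sed -n 's/^subject= *CN=//p'
}

# Succeed only if certificate $2 chains to CA certificate $1.
cert_chains_to() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Demo run in a temporary directory.
work=$(mktemp -d)
make_client_cert "$work" alice
echo "CommonName in client certificate: $(cert_cn "$work/user_signed.pem")"
cert_chains_to "$work/ca_cert.pem" "$work/user_signed.pem" && echo "chain: OK"
```

The friendly name given to `openssl pkcs12 -name` is stored in the PKCS#12 bag only; the CommonName comes from the certificate subject set at request time.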