hi all,
i've dovecot TLS working correctly w/ locally generated *RSA* CA cert, domain privkey & self-signed domain cert. to that end, my dovecot.conf includes:
ssl_key_file = /var/Security/mail.testdomain.com.privkey.rsa.pem
ssl_cert_file = /var/Security/mail.testdomain.com.cert.rsa.pem
ssl_ca_file = /var/Security/MyCertificateAuthority.CA.cert.rsa.pem
ssl_verify_client_cert = no
ssl_cipher_list = ALL:!SSLv2:!aNULL:!NULL:!EXPORT:!DES:!LOW:@STRENGTH
however, if I try to set up for DSA use:
ssl_key_file = /var/Security/mail.testdomain.com.privkey.dsa.pem
ssl_cert_file = /var/Security/mail.testdomain.com.cert.dsa.pem
ssl_ca_file = /var/Security/MyCertificateAuthority.CA.cert.dsa.pem
ssl_verify_client_cert = no
ssl_parameters_file = /var/Security/dsaparam.pem
ssl_parameters_regenerate = 0
an attempt @ dovecot launch results in a logged error of:
dovecot: Sep 11 11:58:43 Error: imap-login: Can't load private key file /var/Security/mail.testdomain.com.privkey.dsa.pem: error:0607907F:digital envelope routines:EVP_PKEY_get1_RSA:expecting an rsa key
wherein it looks like dovecot is _still_ seeking an RSA key.
fwiw,
% cat /var/Security/mail.testdomain.com.privkey.dsa.pem
-----BEGIN DSA PRIVATE KEY-----
...
i've searched the dovecot wiki, and although the _only_ reference i find to dsa/diffie is @:
http://wiki.dovecot.org/moin.cgi/MainConfig
" ...
SSL parameter file. Master process generates this file for login processes.
It contains Diffie Hellman and RSA parameters.
ssl_parameters_file = /var/run/dovecot/ssl-parameters.dat
... "
it does seem to imply that DSA certs are, at least, supported.
comments?
cheers,
richard