It is - that's just "belt and braces" stuff (also known as "defence in depth" :-) )
My *real* issue (if I understand things correctly - which, there's a significant chance that I don't) is telling dovecot which TLS certificate to use to connect to the MariaDB back-end.
Mind you, that's *not* the same cert that the users use to connect to dovecot :-)
On 25/1/25 22:07, Marc wrote:
I'm using a MariaDB backend to a Dovecot server, with TLS required by the MariaDB server for connections.
My sql_dovecot.conf.ext file is using the following connection line:
connect = host=mariadb.example.com dbname=mail_server user=vmail password={REDACTED} ssl_ca=/etc/pki/tls/certs/root_ca.crt.I can't work out from the doco or Google what else I need in that line, but I suspect it'll be something like:
ssl_cert=/etc/pki/tls/certs/vmail_rsa.pem ssl_key=/etc/pki/tls/certs/vmail_rsa.key.Could someone please confirm this and let me know the actual extra commands/options - thanks
Why not add your CA to the OS default?