On 2022-11-09 16:59, Alexander Dalloz wrote:
Am 09.11.2022 um 15:58 schrieb Ruben Safir:
Hello
I am getting this error and I have no idea why. openssh is upto date
You have a self-signed certificate in place. The connecting client cannot valide whether to trust to answering server.
Alexander
Try to run the following against the client certificate full chain and cert file:-
ope nssl verify -CAfile fullchain.pem cert.pem
if it did throw an error then try verifying with an updated CA certificates bundle directly from OS using the following which works with me in RHEL7:-
y um reinstall ca-certificatesupdate-ca-trust
Or if already installed.
update-ca-trust.
Given you are using a self signed certificate, I guess, you will have to append manually the CA certificate, which you've used to sign the self signed client certificate in CA bundle PEM file i.e. tls-ca-bundle.pem. Also, you will have to reference the CA file in dovecot using the following:-
ssl_client_ca_file = /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem ssl_verify_client_cert = yes
Good luck.
Zakaria.