Including root CA?
Marek
Odoslané pomocou bezpečného emailu Proton Mail.
štvrtok 20. novembra 2025, 15:51, Marc <Marc@f1-outsourcing.eu> napísal/a:
You have to put full chain in the cert
I forgot to mention the certificate is signed by my private root certification authority. Could this be related? Should the authority certificate be configured somewhere in dovecot?
Thanks
Marek
štvrtok 20. novembra 2025, 15:42, Marek Greško marek.gresko@protonmail.com napísal/a:
Hello,
after upgrading from Fedora 42 to Fedora 43 the dovecot got upgraded to version 2.4.
I tweaked the configuration, dovecot starts, but when client is trying to connect to imap, I get:
imap-login: Error: Failed to initialize SSL connection: Couldn't initialize SSL server context: Can't load SSL certificate (ssl_server_cert_file setting): error:0A00018F:SSL routines ::ee key too small:
I tried replacing 2048 bits RSA with 4096 bits RSA, I tried to not use the dh.pem file (I read somewhere it is not neede any more), I deleted /var/lib/dovecot/ssl-parameters.dat file, but still the same error.
Where should I look next?
My ssl config:
ssl = required
#ssl_server_dh_file = /etc/dovecot/dh.pem
ssl_server { #ssl_server_dh_file = /etc/dovecot/dh.pem ssl_server_cert_file = /somewhere/dovecot.pem ssl_server_key_file = /somewhere/dovecot.pem prefer_ciphers = server }
ssl_min_protocol = TLSv1.2
ssl_cipher_list = PROFILE=SYSTEM
#ssl_verify_client_cert = no #ssl_prefer_server_ciphers = no
Thanks
Marek