Note, the problem below also occurs with Thunderbird so it's something server side, but the "what exactly" has me scratching my head...
On 11 Oct 2008 at 23:43, Harondel J. Sibble wrote:
On 29 Sep 2008 at 8:40, Rainer Frey (Inxmail GmbH) wrote:
What is important: you can not self-sign each client certificate, but you need a CA with a self-signed root instead. I think you understand that already, just noting that for completeness. Then you simply configure Dovecot as described in http://wiki.dovecot.org/SSL/DovecotConfiguration
To sum it up: ssl_cert_file is responsible for server side TLS/SSL and needs to contain the complete verification path for the server certificate. It has no influence on client certs. ssl_ca_file is used for client cert verification only, and does not need to cover the server certificate.
Okay, got this mostly working, currently testing with a Nokia e61i smartphone and having a problem which I'm not quite clear on where it lies: phone issue, postfix issue or dovecot sasl issue.
Here's the problem: I can successfully authenticate to dovecot via imap using client certs, however when I attempt to send an email, that is giving me errors as follows:
Oct 11 23:09:40 server postfix/smtpd[25720]: xsasl_dovecot_handle_reply: auth reply: FAIL?1?reason=Client didn't present valid SSL certificate
Oct 11 23:09:40 server postfix/smtpd[25720]: warning: unknown[192.xxx.yyy.zzz]: SASL LOGIN authentication failed: Client didn't present valid SSL certificate
Oct 11 23:09:40 server postfix/smtpd[25720]: > unknown[192.xxx.yyy.zzz]: 535 5.7.0 Error: authentication failed: Client didn't present valid SSL certificate
On the phone, there is only the self signed personal cert used to authenticate for imap. Postfix is set to authenticate using the same self signed CA, server cert and server key.
Any ideas on what I should look at next?
I've already wiped all the certs from both the server and the phone and recreated a new CA, but same problem occurs.
Kinda out of ideas, any suggestions?
Harondel J. Sibble Sibble Computer Consulting Creating Solutions for the small and medium business computer user. help@pdscc.com (use pgp keyid 0x3AD5C11D) http://www.pdscc.com (604) 739-3709 (voice/fax) (604) 686-2253 (pager)
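Added example, not part of the original messages: a small triage script that splits the Postfix log text quoted above into entries (even when several run together on one line) and pulls out the SASL mechanism, client and the reason Dovecot's auth service returned. The function names are hypothetical, and treating the `?` characters in the auth reply as its field separators is an assumption.

```python
import re
from collections import Counter

# Log text as quoted in the post (address redacted there), run together on one line.
SAMPLE = (
    "Oct 11 23:09:40 server postfix/smtpd[25720]: xsasl_dovecot_handle_reply: "
    "auth reply: FAIL?1?reason=Client didn't present valid SSL certificate "
    "Oct 11 23:09:40 server postfix/smtpd[25720]: warning: unknown[192.xxx.yyy.zzz]: "
    "SASL LOGIN authentication failed: Client didn't present valid SSL certificate "
    "Oct 11 23:09:40 server postfix/smtpd[25720]: > unknown[192.xxx.yyy.zzz]: "
    "535 5.7.0 Error: authentication failed: Client didn't present valid SSL certificate"
)

# A syslog timestamp marks the start of each entry.
ENTRY = re.compile(r"(?=[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d )")
WARN = re.compile(r"warning: (?P<client>\S+\[[^\]]+\]): SASL (?P<mech>\S+) "
                  r"authentication failed: (?P<reason>.+)")
REPLY = re.compile(r"xsasl_dovecot_handle_reply: auth reply: (?P<reply>.+)")

def split_entries(text):
    """Split text into syslog entries, even when several share one line."""
    return [e.strip() for e in ENTRY.split(text) if e.strip()]

def parse_reply(reply):
    """Parse 'FAIL?1?reason=...' into status, request id and key=value params.
    Assumption: '?' (or a tab) separates the fields of the auth reply."""
    status, *rest = re.split(r"[?\t]", reply)
    req_id = rest[0] if rest else ""
    params = dict(p.partition("=")[::2] for p in rest[1:])
    return {"status": status, "id": req_id, "params": params}

def triage(text):
    """Return (Counter of (client, mechanism, reason), list of parsed auth replies)."""
    failures, replies = Counter(), []
    for entry in split_entries(text):
        if m := WARN.search(entry):
            failures[(m["client"], m["mech"], m["reason"])] += 1
        elif m := REPLY.search(entry):
            replies.append(parse_reply(m["reply"]))
    return failures, replies

if __name__ == "__main__":
    failures, replies = triage(SAMPLE)
    for (client, mech, reason), n in failures.items():
        print(f"{n}x {client} SASL {mech}: {reason}")
    for r in replies:
        print("auth reply:", r["status"], r["params"])
```

Run over a full mail log, the counter shows whether the rejection is tied to one client and mechanism or applies to every SMTP AUTH attempt.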