[Dovecot] courier-imap to dovecot-imap migration: missing TLS_TRUSTCERTS feature
Hi,
I'm attempting a one-to-one migration from courier-imap to dovecot-imap.
current state:
Imap-server has a self signed certificate
Every client/user has a self signed client certificate that is used for SSL/TLS client authentication.
All certificates are self signed "standalone" certificates - no CA hierarchy/structure is made.
With courier-imap we could just put every client certificate into a trusted cert file (or hashed directory for a larger number of clients) and courier-imap would check that through TLS_TRUSTCERTS.
I would like to keep the current approach and avoid the whole mini CA setup - that way I can also avoid reissuing new certs to all existing users.
Question: can a similar setup be achieved with dovecot-imap ?
I've already made numerous attempts with no luck.
As far as I can see dovecot-imap does not seem to implement the concept of checking trusted (self signed standalone client) certs - even though it is based on openssl like courier-imap is - but I may be wrong here.
I'm using dovecot-2.0.7 (from ports) on FreeBSD
Thanks in advance.
Kind regards Uffe Jakobsen
On Wed, 2011-01-19 at 11:46 +0100, Uffe Jakobsen wrote:
> All certificates are self signed "standalone" certificates - no CA hierarchy/structure is made.
> With courier-imap we could just put every client certificate into a trusted cert file (or hashed directory for a larger number of clients) and courier-imap would check that through TLS_TRUSTCERTS.
> I would like to keep the current approach and avoid the whole mini CA setup - that way I can also avoid reissuing new certs to all existing users.
> Question: can a similar setup be achieved with dovecot-imap ?
Doesn't this work?
ssl_ca = </etc/dovecot/all-client-certs.pem
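
The trust model discussed in this thread, as an added example that is not part of either message: standalone self-signed client certificates are concatenated into one PEM bundle (the kind of file `TLS_TRUSTCERTS` or `ssl_ca` would point at), and OpenSSL's verifier accepts only certificates present in that bundle. The client names, file names and the temporary directory are constructed for the demonstration.

```shell
#!/bin/sh
# Constructed demo: all names, CNs and paths are made up for illustration.

# make_cert NAME: create a standalone self-signed cert NAME.pem (key in NAME.key).
make_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=$1" -keyout "$1.key" -out "$1.pem" 2>/dev/null
}

# is_trusted BUNDLE CERT: succeed only if CERT verifies against the anchors in BUNDLE.
# The ": OK" line is checked instead of the exit status, which old openssl
# releases did not set reliably.
is_trusted() {
    openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

# demo: alice and bob are enrolled in the bundle, carol is not.
demo() {
    dir=$(mktemp -d) || return 1
    (
        cd "$dir" || exit 1
        for c in alice bob carol; do make_cert "$c"; done
        # Enrolling a client is just appending its certificate to the bundle.
        cat alice.pem bob.pem > all-client-certs.pem
        for c in alice bob carol; do
            if is_trusted all-client-certs.pem "$c.pem"; then
                echo "$c: accepted"
            else
                echo "$c: rejected"
            fi
        done
    )
    rc=$?
    rm -rf "$dir"
    return $rc
}

demo
```

For Dovecot to request and enforce client certificates, `ssl_verify_client_cert = yes` and `auth_ssl_require_client_cert = yes` are needed in addition to `ssl_ca`. Whether Dovecot 2.0.7 accepts standalone certificates this way is not confirmed in this thread.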
Participants (2): Timo Sirainen, Uffe Jakobsen