[Dovecot] client cert handling not working properly on centos 4.8
Dear List
I've successfully installed/configured dovecot 1.2.10 with "require client cert" on centos 5.4 and ubuntu server 9.10.
I also need to install on centos 4.8, and after following the exact same procedure I can only get it working if I comment out ssl_require_client_cert = yes and ssl_username_from_cert = yes from the working config file.
This is even after compiling dovecot with openssl 0.9.8l on centos 4.8.
If I copy the same "client_ca.crt" from centos 4.8 to centos 5.4 then centos 5.4 has no problem verifying the client cert.
That file contains the CRL as well as the certificate which signs the pkcs12 file installed on the client.
The following log entries do not appear on centos 5.4
Feb 27 21:17:33 localhost dovecot: pop3-login: Invalid certificate: unable to get certificate CRL: /C=US/ST=New York/L=Astoria/O=SnakeOil Inc./OU=Email Administration/CN=web@example.com
Feb 27 21:17:33 localhost dovecot: pop3-login: Valid certificate: /C=US/ST=NY/L=TEST/O=Internet Widgits Pty Ltd
$ dovecot -n
# OS: Linux 2.6.9-89.0.20.EL i686 CentOS release 4.8 (Final) ext3
base_dir: /var/run/dovecot/
protocols: pop3
listen: 192.168.0.110
ssl_ca_file: /etc/pki/certs/dovecot/client_ca.crt
ssl_cert_file: /etc/pki/certs/vrane.com/pop.crt
ssl_key_file: /etc/pki/private/vrane.com/pop.key
ssl_parameters_regenerate: 29
ssl_verify_client_cert: yes
verbose_ssl: yes
login_dir: /var/run/dovecot//login
login_executable: /usr/libexec/dovecot/pop3-login
mail_location: maildir:/home/vmail/%d/%n
mail_executable: /usr/libexec/dovecot/pop3
mail_plugin_dir: /usr/lib/dovecot/pop3
auth default:
  user: squab
  debug: yes
  ssl_require_client_cert: yes
  ssl_username_from_cert: yes
  passdb:
    driver: passwd-file
    args: /etc/dovecot/shadow/%d
  userdb:
    driver: static
    args: uid=2000 gid=2000 home=/home/vmail/%d/%n
  socket:
    type: listen
    client:
      path: /var/spool/postfix/private/auth
      mode: 432
      user: postfix
      group: postfix
participants (1)
-
zhong ming wu