[Dovecot] SSL and certificate authorities.
Matthew Reimer
mreimer at vpop.net
Tue Nov 25 17:54:52 EET 2003
Zach Bagnall wrote:
> On Thu, 20 Nov 2003 18:28:51 +0200, Timo Sirainen <tss at iki.fi> wrote:
>
>>What exactly does this patch do? Gives client a list of accepted CAs,
>>but it doesn't look like it actually requires client to provide a
>>valid certificate?
>
>
> On Tue, 18 Nov 2003 11:03:08 +1300, James Tyson <james at giantrobot.co.nz>
> wrote:
>
>>Also, is there a configuration directive for dovecot to add the
>>issuers ca bundle similar to apache's SSLCACertificateFile?
>
>
> I'm no SSL expert, but I took the requested feature to be a way to "make
> additional certificates available in order to complete a certificate
> chain".

I had trouble with an instantssl cert, and found that what I needed to
do was to also include all the certs up the chain in the .pem file, in a
certain order, to keep the client from complaining about an invalid
certificate. The first certificate in the pem file should be the
server certificate, followed by its chain starting from the root
certificate down. Works for me without the need for patches (though
something like SSLCACertificateFile would be nice).
Matt
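
An added example, not part of the original post: a stdlib-only check that reads a combined .pem in file order and reports, for each certificate, the position of the certificate whose subject matches its issuer, so a missing chain member shows up as `None`. It matches names only and verifies no signatures. The function names and the skeleton certificates (`mail.example.test`, `Example Intermediate CA`, `Example Root CA`) are constructed for the illustration.

```python
import base64, re

def tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, n = buf[pos], buf[pos + 1]
    pos += 2
    if n & 0x80:                                   # long-form length
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    return tag, pos, pos + n

def names(der):
    """Raw (subject, issuer) Name encodings of one X.509 certificate."""
    _, p, _ = tlv(der, 0)                          # Certificate
    _, p, _ = tlv(der, p)                          # tbsCertificate
    fields = []                                    # serial, sigalg, issuer, validity, subject
    while len(fields) < 5:
        tag, _, end = tlv(der, p)
        if tag != 0xA0:                            # skip the optional [0] version
            fields.append(der[p:end])
        p = end
    return fields[4], fields[2]

PEM = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def issuer_positions(bundle):
    """For each cert in file order: index of its issuer in the bundle, or None."""
    certs = [names(base64.b64decode(b)) for b in PEM.findall(bundle)]
    subjects = [s for s, _ in certs]
    return [subjects.index(i) if i in subjects else None for _, i in certs]

# --- constructed sample: unsigned skeleton certificates, names are made up ---
def enc(tag, body):
    n = len(body)
    return bytes([tag]) + (bytes([n]) if n < 128 else bytes([0x81, n])) + body

def fake_cert(subject, issuer):
    name = lambda cn: enc(0x30, enc(0x31, enc(0x30, b"\x06\x03\x55\x04\x03" + enc(0x0C, cn.encode()))))
    tbs = enc(0xA0, b"\x02\x01\x02") + b"\x02\x01\x01" + enc(0x30, b"") \
        + name(issuer) + enc(0x30, b"") + name(subject)
    body = base64.encodebytes(enc(0x30, enc(0x30, tbs))).decode()
    return "-----BEGIN CERTIFICATE-----\n" + body + "-----END CERTIFICATE-----\n"

LEAF = fake_cert("mail.example.test", "Example Intermediate CA")
INTER = fake_cert("Example Intermediate CA", "Example Root CA")
ROOT = fake_cert("Example Root CA", "Example Root CA")

if __name__ == "__main__":
    print(issuer_positions(LEAF + ROOT + INTER))   # order described in the post
    print(issuer_positions(LEAF))                  # server certificate alone
```

A certificate whose reported position is its own index is self-signed; run against a real file with `issuer_positions(open(path).read())`.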