[Dovecot] SSL and certificate authorities.

Matthew Reimer mreimer at vpop.net
Tue Nov 25 17:54:52 EET 2003


Zach Bagnall wrote:
> On Thu, 20 Nov 2003 18:28:51 +0200, Timo Sirainen <tss at iki.fi> wrote:
> 
>>What exactly does this patch do? Gives client a list of accepted CAs,
>>but it doesn't look like it actually requires client to provide a
>>valid certificate?
> 
> 
> On Tue, 18 Nov 2003 11:03:08 +1300, James Tyson <james at giantrobot.co.nz>
> wrote:
> 
>>Also, is there a configuration directive for dovecot to add the
>>issuers ca bundle similar to apache's SSLCACertificateFile?
> 
> 
> I'm no SSL expert, but I took the requested feature to be a way to "make
> additional certificates available in order to complete a certificate
> chain".

I had trouble with an instantssl cert, and found that what I needed to 
do was to also include all the certs up the chain in the .pem file, in a 
certain order, to keep the client from complaining about an invalid 
certificate. The first certificate in the pem file should be the 
server certificate, followed by its chain starting from the root 
certificate down. Works for me without the need for patches (though 
something like SSLCACertificateFile would be nice).

Matt
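
One way to check a combined .pem file like the one described above before pointing the server at it, as an added example that is not part of the original message: for each certificate in file order it reports which entry in the file issued it, or None when the issuer is missing from the file. It matches issuer and subject names only and does no signature verification; the function names and the sample certificates are constructed for illustration, and the samples are unsigned stand-ins carrying only the leading certificate fields.

```python
import base64, re

def tlv(buf, pos):
    """Read one DER TLV header at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                        # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def names(der):
    """Return (subject, issuer) of one certificate as raw DER Name bytes."""
    _, p, _ = tlv(der, 0)                    # Certificate ::= SEQUENCE
    _, p, end = tlv(der, p)                  # tbsCertificate ::= SEQUENCE
    fields = []                              # serial, sigAlg, issuer, validity, subject
    while p < end and len(fields) < 5:
        tag, _, e = tlv(der, p)
        if tag != 0xA0:                      # skip the optional [0] version
            fields.append(der[p:e])
        p = e
    return fields[4], fields[2]

def issuer_index(pem_text):
    """For each cert in file order: index of the entry whose subject equals its
    issuer (its own index if self-signed), or None if no entry matches."""
    blocks = re.findall(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----",
                        pem_text, re.S)
    certs = [names(base64.b64decode(b)) for b in blocks]
    subjects = [s for s, _ in certs]
    return [subjects.index(i) if i in subjects else None for _, i in certs]

# --- constructed sample data (not real certificates) ---
def enc(tag, body):                          # short-form DER TLV, enough for the samples
    return bytes([tag, len(body)]) + body

def name(cn):                                # Name holding a single commonName
    return enc(0x30, enc(0x31, enc(0x30, b"\x06\x03\x55\x04\x03" + enc(0x0C, cn.encode()))))

def fake_cert(subject, issuer):
    tbs = enc(0x30, b"\xa0\x03\x02\x01\x02" + b"\x02\x01\x01" + b"\x30\x00"
              + name(issuer) + b"\x30\x00" + name(subject))
    b64 = base64.b64encode(enc(0x30, tbs)).decode()
    return f"-----BEGIN CERTIFICATE-----\n{b64}\n-----END CERTIFICATE-----\n"

server = fake_cert("mail.example.test", "Intermediate CA")
inter = fake_cert("Intermediate CA", "Root CA")
root = fake_cert("Root CA", "Root CA")
COMPLETE = server + root + inter             # file order as described in the message
INCOMPLETE = server + root                   # intermediate left out of the file
if __name__ == "__main__":
    print(issuer_index(COMPLETE), issuer_index(INCOMPLETE))
```

A None in the result marks a certificate whose issuer is not in the file, which is the gap that leaves a client unable to build the chain.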


