[Dovecot] Dovecot and SSL certificates
M.-A. Lemburg
mal at egenix.com
Mon Jul 31 14:34:26 EEST 2006
HenkJan Wolthuis wrote:
> Hello,
>
>> Note that the certificates are all valid and have not expired.
>> The <user cert> is signed by the <CA cert> and we set
>> ssl_ca_file to the CA certificate PEM file.
>>
>>
>>
> CRL checking was introduced somewhere after beta8, if you use openssl >
> 0.9.7 the ssl_ca_file should contain the CAcertificate _and_ the CRL for
> your CA, both in PEM format. Hope this helps,
Thanks for the hint, HenkJan !
Adding the CRL PEM to the certificate file indeed fixes the problem
with ssl_require_client_cert = yes not working.
dovecot now reports valid certificates. The invalid certificate
notices are gone.
--
Marc-Andre Lemburg
eGenix.com
Professional Python Services directly from the Source (#1, Jul 31 2006)
>>> Python/Zope Consulting and Support ... http://www.egenix.com/
>>> mxODBC.Zope.Database.Adapter ... http://zope.egenix.com/
>>> mxODBC, mxDateTime, mxTextTools ... http://python.egenix.com/
________________________________________________________________________
::: Try mxODBC.Zope.DA for Windows,Linux,Solaris,FreeBSD for free ! ::::
More information about the dovecot
mailing list