[Dovecot] Client certificate verification/authentication

eizert eizert at free.fr
Tue May 29 13:06:30 EEST 2007

I would like to use Client certificate verification/authentication.

My MTA used this function.

I have a problem making a valid certificate.

For my MTA I used:

openssl req -new -nodes -x509 -keyout user_key.pem -out user_req.pem -days 365
openssl ca -out user_signed.pem -infiles user_req.pem
openssl pkcs12 -in user_signed.pem -inkey user_key.pem -out user.p12 -export -name "user at hotsname"

user.p12 matches in my MTA.

Not in Dovecot...
In my log, I simply have:
dovecot: auth(default):  Client didn't present valid SSL certificate

Also, in the documentation

The username is taken from the subject's DN's CommonName 
<http://wiki.dovecot.org/CommonName> field (using OpenSSL's 
X509_NAME_get_text_by_NID() function).
But when I used
openssl req -new -nodes -keyout user_key.pem -out user_req.pem -days 365
my common name is my hostname, not my username.
I don't think that the option -name user at hostname (in the openssl manpage, -name is the friendly name)...

Sorry but it's ambiguous for me...
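
The documentation passage quoted in the post says the username is read from the subject's CommonName. As an added example (not part of the original post and not Dovecot's own code), the script below issues a client certificate from a throwaway CA with the username as CN, reads the CN back, and checks the chain against the CA. The CA name, the user "alice", the file layout and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: client certificate whose subject CN is the mail username.
# "Example Test CA" and "alice" are constructed values, not from the post.

# make_client_cert USER DIR: create a throwaway CA and a CA-signed client cert.
make_client_cert() {
    user="$1"; dir="$2"
    # 1. Self-signed throwaway CA (-x509 makes req emit a certificate).
    openssl req -new -x509 -nodes -newkey rsa:2048 -days 365 \
        -subj "/CN=Example Test CA" \
        -keyout "$dir/ca_key.pem" -out "$dir/ca_cert.pem" 2>/dev/null || return 1
    # 2. Client key and certificate *request*; -subj sets CN to the username
    #    instead of whatever is typed at the interactive prompt.
    openssl req -new -nodes -newkey rsa:2048 \
        -subj "/CN=$user" \
        -keyout "$dir/user_key.pem" -out "$dir/user_req.pem" 2>/dev/null || return 1
    # 3. Sign the request with the CA key.
    openssl x509 -req -in "$dir/user_req.pem" -days 365 \
        -CA "$dir/ca_cert.pem" -CAkey "$dir/ca_key.pem" -CAcreateserial \
        -out "$dir/user_signed.pem" 2>/dev/null || return 1
}

# cert_cn FILE: print the subject CommonName of a PEM certificate.
cert_cn() {
    openssl x509 -in "$1" -noout -subject -nameopt multiline |
        sed -n 's/^ *commonName *= //p'
}

# chain_ok CAFILE CERT: succeed only if CERT verifies against CAFILE.
chain_ok() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Demo run in a temporary directory.
demo_dir=$(mktemp -d)
if make_client_cert alice "$demo_dir"; then
    echo "subject CN: $(cert_cn "$demo_dir/user_signed.pem")"
    chain_ok "$demo_dir/ca_cert.pem" "$demo_dir/user_signed.pem" \
        && echo "chain: OK" || echo "chain: FAILED"
fi
rm -rf "$demo_dir"
```

Running cert_cn and chain_ok against an existing user_signed.pem and the CA file the server trusts shows which name the certificate carries and whether it chains to that CA.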
