[Dovecot] IMAPS: Disable SSL connection without client certificate

Reindl Harald h.reindl at thelounge.net
Tue Jul 2 13:20:37 EEST 2013



On 29.06.2013 15:54, Charles Marcus wrote:
>>> well, this is for dovecot 1.x, but have you tried it?
>>>
>>> Client certificate verification/authentication
>>> If you want to require clients to present a valid SSL certificate, you'll need these settings:
>>>
>>> ssl_ca_file = /etc/ssl/ca.pem
>>> ssl_verify_client_cert = yes
>>> auth default {
>>>    ssl_require_client_cert = yes
>>>    ..
>>> }
> 
>> Thanks for your email.  Yes, I looked at that website before. I'm using these options with Dovecot 2.1.8,
>> among others:
>>
>> auth_ssl_require_client_cert = yes
>> ssl_verify_client_cert = yes
>> ssl_ca = </etc/ssl/certs/cacertcrl.pem
> 
> I'm not sure why Reindl pointed you to the 1.x docs when you are using 2.x...

because it is a good starting point and I do not need the feature
and in this case it should be enough that I start to google
for others at all

however, if you had followed this thread you would have
realized that the OP demanded technically impossible things like
"uhm openssl should reject the connection without cert before
running any dovecot code"
