[Dovecot] IMAPS: Disable SSL connection without client certificate
Reindl Harald
h.reindl at thelounge.net
Sat Jun 29 00:34:50 EEST 2013
On 28.06.2013 23:31, Ireneusz Szcześniak wrote:
> I've been using Dovecot 2.1.8 on OpenBSD 5.2 i386 for about a month. It works great. Dovecot serves IMAPS only,
> and I'm using Thunderbird to access my mail.
>
> I configured Dovecot to allow clients that present a valid certificate when establishing an SSL connection. I
> configured my Thunderbird for SSL/TLS connection with normal password. It works fine.
>
> However, with my config anybody can connect to my server without presenting a certificate

Google "dovecot ssl client certificate" leads to
http://wiki.dovecot.org/SSL/DovecotConfiguration

Well, this is for Dovecot 1.x, but have you tried it?

Client certificate verification/authentication

If you want to require clients to present a valid SSL certificate, you'll need these settings:

ssl_ca_file = /etc/ssl/ca.pem
ssl_verify_client_cert = yes
auth default {
  ssl_require_client_cert = yes
  ..
}
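
A way to check a config against the three settings quoted above, as an added example (not part of the original post and not Dovecot's own code): a small Python audit that reads a Dovecot config and reports whether a client certificate is only requested or is also required at login. The function names and sample configs are constructed here; `ssl_ca` and `auth_ssl_require_client_cert` are the Dovecot 2.x spellings of the 1.x settings in the quote.

```python
# Constructed sample: Dovecot 1.x style config with the auth-level
# requirement left out (certificate is verified, but never demanded).
SAMPLE_VERIFY_ONLY = """
ssl_ca_file = /etc/ssl/ca.pem
ssl_verify_client_cert = yes
auth default {
  mechanisms = plain
}
"""

# Constructed sample: the same config with the setting from the wiki quote.
SAMPLE_REQUIRED = SAMPLE_VERIFY_ONLY.replace(
    "mechanisms = plain", "mechanisms = plain\n  ssl_require_client_cert = yes")


def parse_settings(text):
    """Flatten 'key = value' lines into a dict; keys inside a
    'name [label] {' block are prefixed with the block name ('auth/...')."""
    settings, stack = {}, []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and padding
        if not line:
            continue
        if line.endswith("{"):
            stack.append(line[:-1].split()[0])
        elif line == "}":
            if stack:
                stack.pop()
        elif "=" in line:
            key, value = (p.strip() for p in line.split("=", 1))
            settings["/".join(stack + [key])] = value
    return settings


def client_cert_policy(text):
    """Classify a config by which of the three quoted settings it carries."""
    s = parse_settings(text)
    yes = lambda key: s.get(key, "no").lower() == "yes"
    has_ca = "ssl_ca_file" in s or "ssl_ca" in s          # 1.x / 2.x name
    verify = yes("ssl_verify_client_cert")
    require = (yes("auth/ssl_require_client_cert")        # 1.x, in auth block
               or yes("auth_ssl_require_client_cert"))    # 2.x, top level
    if require:
        return "required" if (verify and has_ca) else "incomplete"
    return "requested, not required" if verify else "not requested"
```

Run it over the effective configuration (for example the output of `doveconf -n` on 2.x) rather than a single file, since the settings are usually split across several files.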