[Dovecot] IMAPS: Disable SSL connection without client certificate
Ireneusz Szcześniak
irek.szczesniak at gmail.com
Sat Jun 29 22:54:38 EEST 2013
Reindl, thanks again for your email, but now I realize that perhaps
you misunderstood my problem. I have got the SSL working with the
config presented in my first post. The problem is that I'm surprised
that Dovecot lets clients establish an SSL connection even when the
client doesn't present a certificate. I don't want clients without a
valid certificate even establish an SSL connection.
On 28.06.2013 23:34, Reindl Harald wrote:
> Am 28.06.2013 23:31, schrieb Ireneusz Szcześniak:
>> I've been using Dovecot 2.1.8 on OpenBSD 5.2 i386 for about a month. It works great. Dovecot serves IMAPS only,
>> and I'm using Thunderbird to access my mail.
>>
>> I configured Dovecot to allow clients that present a valid certificate when establishing SSL connection. I
>> configure my Thunderbird for SSL/TLS connection with normal password. It works fine.
>>
>> However, with my config anybody can connect to my server without presenting a certificate
>
> google "dovecot ssl client certificate" leads to
> http://wiki.dovecot.org/SSL/DovecotConfiguration
>
> well, this is for dovecot 1.x, but have you tried it?
>
> Client certificate verification/authentication
> If you want to require clients to present a valid SSL certificate, you'll need these settings:
>
> ssl_ca_file = /etc/ssl/ca.pem
> ssl_verify_client_cert = yes
> auth default {
> ssl_require_client_cert = yes
> ..
> }
--
Ireneusz (Irek) Szczesniak
http://www.irkos.org
More information about the dovecot
mailing list