Dovecot proxy ignores trusted root certificate store

Andrew McN andrew at
Mon Sep 21 11:45:29 UTC 2015

On 21/09/15 17:28, Alex Bulan wrote:
> The result is the same with or without "<" before the file path.  With
> "<" the inode atime is updated at Dovecot startup, so the file is at
> least opened, but Dovecot still can't verify the cert.
> The only place in the Wiki that shows an example of ssl_client_ca_file
> is on this page, and there's no "<" in front of the file path:
> (quote)
> The client must be able to verify that the SSL certificate is valid, so
> you need to specify the directory containing valid SSL CA roots:
> ssl_client_ca_dir = /etc/ssl/certs # Debian/Ubuntu
> ssl_client_ca_file = /etc/pki/tls/cert.pem # RedHat
> (end quote)

Suggesting that on Redhat you should specify "the directory containing
valid SSL CA roots" by setting ssl_client_ca_file sounds kinda crazy.
Sounds like setting a file instead.  So that bit of documentation should
be treated as rather suspect.

