Disable ssl validation for replication?

Joseph Tam jtam.home at gmail.com
Thu Dec 21 03:27:34 EET 2017


Joseph Ward writes:

> I'm aware of at least a couple of fallback options:
> ??? -have a self-signed cert for replication and use the Let's Encrypt
> one for IMAP/POP
> ??? - create firewall rules allowing them to connect to each other over
> the public internet so that it can validate the proper cert
> ?
> These are both much less palatable than simply disabling the cert
> validation if it's possible.

Maybe instead of disabling the check, appease it by supplying (in
/etc/hosts) an alternate mapping of the FQDN subject of your certificate
to your internal IP:

 	10.x.x.x        your.sync.target

Joseph Tam <jtam.home at gmail.com>


More information about the dovecot mailing list