Disable ssl validation for replication?
Joseph Ward
jbwlists at hilltopgroup.com
Thu Dec 21 16:56:53 EET 2017
I'd considered doing it at the internal DNS server level which I wasn't
a fan of because it's a separate server's config that I'd have to rely
on to make sure this server was working. The thought of the local hosts
file slipped my mind. That is a good idea; it meets my needs, and keeps
everything in the same "create mail server" ansible file.
Thank you!
-Joseph
On 12/20/2017 20:27, Joseph Tam wrote:
> Joseph Ward writes:
>
>> I'm aware of at least a couple of fallback options:
>> ??? -have a self-signed cert for replication and use the Let's Encrypt
>> one for IMAP/POP
>> ??? - create firewall rules allowing them to connect to each other over
>> the public internet so that it can validate the proper cert
>> ?
>> These are both much less palatable than simply disabling the cert
>> validation if it's possible.
>
> Maybe instead of disabling the check, appease it by supplying (in
> /etc/hosts) an alternate mapping of the FQDN subject of your certificate
> to your internal IP:
>
> 10.x.x.x your.sync.target
>
> Joseph Tam <jtam.home at gmail.com>
More information about the dovecot
mailing list