Dovecot dsync 'ssl_client_ca'

Mike Fröhner mikefroehner at gmx.de
Fri Feb 3 09:34:43 UTC 2017


Hello,


On 02/03/2017 08:51 AM, Thierry wrote:
> Hello,
>
> Still working on my dsync problem.
> I have made a clone (VMware) of my email server.
> Today I have two strictly identical email servers, server1
> (main) and server2 (bck) (except IP, hostname and mail_replica).
>
> The SSL config on both my servers:
>
> ssl_protocols = !SSLv2 !SSLv3
> ssl = required
> verbose_ssl = no
> ssl_key = </etc/ssl/private/private.key
> ssl_cert = </etc/ssl/certs/key.crt
> ssl_ca = </etc/ssl/certs/GandiStandardSSLCA2.pem

I think it should be ssl_client_ca_file = </etc/ssl/certs/GandiStandardSSLCA2.pem for you.


>
> This config is working for my email client and my email web
> interface ...
>
> Are they in the right order?
>
> mail_replica = tcps:server1 at domain.ltd and tcps:server2 at domain.ltd
>
> There is traffic on my iptables rules on both my servers:
>
> 60  3600 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:4711
>
>
>
> My error message from server1 (main server):
>
> Feb 03 08:38:08 doveadm(user1 at domain.ltd): Error: sync: Couldn't initialize SSL context: Can't verify remote server certs without trusted CAs (ssl_client_ca_* settings)
> Feb 03 08:42:35 doveadm(user2 at domain.ltd): Error: sync: Couldn't initialize SSL context: Can't verify remote server certs without trusted CAs (ssl_client_ca_* settings)
> Feb 03 08:42:35 doveadm(user3 at domain.ltd): Error: sync: Couldn't initialize SSL context: Can't verify remote server certs without trusted CAs (ssl_client_ca_* settings)
> Feb 03 08:42:35 doveadm(user4 at domain.ltd): Error: sync: Couldn't initialize SSL context: Can't verify remote server certs without trusted CAs (ssl_client_ca_* settings)
>
> No logs from server2
>
> Any ideas?
>
> Thx for your support
>
>
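
A configuration check for the error quoted above, as an added example that is not part of the original thread: it reads doveconf-style text and reports when mail_replica uses tcps: but neither ssl_client_ca_file nor ssl_client_ca_dir is set, which is the situation the "ssl_client_ca_* settings" error describes. The sample configs, the host name server2.example.test and the function names are constructed for illustration.

```python
import re

# Settings Dovecot reads when it acts as a TLS *client* (dsync over tcps:).
CLIENT_CA_KEYS = ("ssl_client_ca_file", "ssl_client_ca_dir")

# Constructed sample: the SSL settings from the post plus a tcps: replica.
BROKEN = """\
ssl = required
ssl_key = </etc/ssl/private/private.key
ssl_cert = </etc/ssl/certs/key.crt
ssl_ca = </etc/ssl/certs/GandiStandardSSLCA2.pem
plugin {
  mail_replica = tcps:server2.example.test:4711
}
"""
# Constructed sample: same config with a client-side trust store added.
FIXED = BROKEN + "ssl_client_ca_dir = /etc/ssl/certs\n"

def parse_settings(conf_text):
    """Collect 'key = value' pairs, ignoring comments and section braces."""
    settings = {}
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        m = re.match(r"^([A-Za-z0-9_]+)\s*=\s*(.*)$", line)
        if m:
            settings[m.group(1)] = m.group(2).strip()
    return settings

def check_dsync_tls(conf_text):
    """Return findings for a host that replicates over tcps:."""
    s = parse_settings(conf_text)
    if not s.get("mail_replica", "").startswith("tcps:"):
        return []  # no TLS replication configured, nothing to check
    if any(s.get(k) for k in CLIENT_CA_KEYS):
        return []  # a client-side CA file or directory is configured
    msg = "mail_replica uses tcps: but no ssl_client_ca_file/ssl_client_ca_dir is set"
    if s.get("ssl_ca"):
        # ssl_ca was set in the post and the error still occurred.
        msg += " (ssl_ca is set, but it is not used for outgoing connections)"
    return [msg]

if __name__ == "__main__":
    for name, conf in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, check_dsync_tls(conf) or "ok")
```

On a live server the input would be the output of doveconf -n from each replica, since both sides initiate connections to the other.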

