Dovecot dsync 'ssl_client_ca'

Aki Tuomi aki.tuomi at dovecot.fi
Fri Feb 3 13:54:27 UTC 2017 

Yes. The ssl_client_ca_file is not actually expecting <, just file name.

Aki


On 2017-02-03 15:13, Thierry wrote:
> Hi,
>
> I have made change:
>
> ssl_protocols = !SSLv2 !SSLv3
> ssl = required
> verbose_ssl = no
> ssl_key = </etc/ssl/private/private.key
> ssl_cert = </etc/ssl/certs/key.crt
> ssl_client_ca_file = </etc/ssl/certs/GandiCA2.pem
>
>
> # Create a listener for doveadm-server
> service doveadm {
>    user = vmail
>    inet_listener {
>      port = 12345
>      ssl= yes
>    }
> }
>
> and  doveadm_port = 12345    // mail_replica = tcps:server2.domain.ltd # use doveadm_port
>
> And now:
>
> Feb 03 14:11:16 doveadm(user1 at domain.ltd): Error: sync: Couldn't initialize SSL context: Can't load CA certs from directory : error:02001024:system library:fopen:File name too long
> Feb 03 14:11:17 doveadm: Error: Corrupted SSL parameters file in state_dir: ssl-parameters.dat - disabling SSL 360
> Feb 03 14:11:17 doveadm: Error: Couldn't initialize SSL parameters, disabling SSL
>
> Thx for your support
>
>
>
>
> Le vendredi 3 février 2017 à 11:34:43, vous écriviez :
>
>> Hello,
>
>> On 02/03/2017 08:51 AM, Thierry wrote:
>>> Hello,
>>>
>>> Still working with my dsync pb.
>>> I have done a clone (vmware) of my email server.
>>> Today   I   have   two  strictly  identical  emails  servers (server1
>>> (main) and server2 (bck) (except IP, hostname and  mail_replica).
>>>
>>> The ssl config on my both server:
>>>
>>> ssl_protocols = !SSLv2 !SSLv3
>>> ssl = required
>>> verbose_ssl = no
>>> ssl_key = </etc/ssl/private/private.key
>>> ssl_cert = </etc/ssl/certs/key.crt
>>> ssl_ca = </etc/ssl/certs/GandiStandardSSLCA2.pem
>> I think it should be ssl_client_ca_file =
>> </etc/ssl/certs/GandiStandardSSLCA2.pem for you.
>
>>> This  config  is  working   for  my   email  client  and my email web
>>> interface ...
>>>
>>> Are they on the right order ?
>>>
>>> mail_replica = tcps:server1 at domain.ltd and tcps:server2 at domain.ltd
>>>
>>> There is trafic on my iptables rules on my both  servers:
>>>
>>> 60  3600 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:4711
>>>
>>>
>>>
>>> My  error message from server1 (main server):
>>>
>>> Feb 03 08:38:08 doveadm(user1 at domain.ltd): Error: sync: Couldn't initialize SSL context: Can't verify remote server certs without trusted CAs (ssl_client_ca_* settings)
>>> Feb 03 08:42:35 doveadm(user2 at domain.ltd): Error: sync: Couldn't initialize SSL context: Can't verify remote server certs without trusted CAs (ssl_client_ca_* settings)
>>> Feb 03 08:42:35 doveadm(user3 at domain.ltd): Error: sync: Couldn't initialize SSL context: Can't verify remote server certs without trusted CAs (ssl_client_ca_* settings)
>>> Feb 03 08:42:35 doveadm(user4 at domain.ltd): Error: sync: Couldn't initialize SSL context: Can't verify remote server certs without trusted CAs (ssl_client_ca_* settings)
>>>
>>> No logs from server2
>>>
>>> Any ideas ?
>>>
>>> Thx for your support
>>>
>>>
>
>

More information about the dovecot mailing list