Can't verify remote server certs without trusted CAs (ssl_client_ca_* settings)

Ralf Hildebrandt Ralf.Hildebrandt at charite.de
Mon Mar 20 16:40:44 EET 2017


* Aki Tuomi <aki.tuomi at dovecot.fi>:
> 
> 
> On 20.03.2017 14:30, Ralf Hildebrandt wrote:
> > ssl_client_ca_file = </etc/ssl/certs/ca-certificates.crt
> 
> Leave the < out. It is misleading, I know, but it does say file. =)

Makes no difference:

# doveconf |fgrep ssl_client_ca
ssl_client_ca_dir = 
ssl_client_ca_file = /etc/ssl/certs/ca-certificates.crt

and with auto8 I still get:

Mar 20 15:38:20 mproxy dovecot: auth: Error: imapc(exchange-imap.charite.de:993): Couldn't initialize SSL context: Can't verify remote server certs without trusted CAs (ssl_client_ca_* settings)
Mar 20 15:38:20 mproxy dovecot: auth: Error: imapc(exchange-imap.charite.de:993): No SSL context
Mar 20 15:38:20 mproxy dovecot: auth: Error: imap(hildeb,141.42.206.36,<YWuNeipLKLGNKs4k>): Disconnected from server
Mar 20 15:38:20 mproxy dovecot: imap-login: Warning: Auth connection closed with 1 pending requests (max 0 secs, pid=52992, EOF)
Mar 20 15:38:20 mproxy dovecot: auth: Fatal: master: service(auth): child 52990 killed with signal 11 (core dumped)

going back to auto6 and everything is peachy again.

-- 
Ralf Hildebrandt
  Geschäftsbereich IT | Abteilung Netzwerk
  Charité - Universitätsmedizin Berlin
  Campus Benjamin Franklin
  Hindenburgdamm 30 | D-12203 Berlin
  Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
  ralf.hildebrandt at charite.de | http://www.charite.de
	    


More information about the dovecot mailing list