SSL error after upgrading to 2.31
Hauke Fath
hf at spg.tu-darmstadt.de
Fri Jun 1 18:00:32 EEST 2018
On 05/30/18 10:41, A. Schulze wrote:
> In the third case an administrator has to provide files with
> certificates. And these files are required (by best practice)
Do you have any pointers to support such a strong statement?
> to include any chain-certificates excluding the self signed root.
Our upstream CA surely does not ship the signed certs that way. It
could, and that would support your statement - but it doesn't.
> There is no reason to only provide a certificate via ssl_cert = </path/to/file
>
> and an new/other place to provide intermediates.
Yes, there is. It saves manipulating the signed server cert, and mirrors
the fact that the intermediate CA certs have a longer lifetime than the
server cert.
Cheerio,
hauke
--
The ASCII Ribbon Campaign Hauke Fath
() No HTML/RTF in email Institut für Nachrichtentechnik
/\ No Word docs in email TU Darmstadt
Respect for open standards Ruf +49-6151-16-21344
More information about the dovecot
mailing list