SSL error after upgrading to 2.31

Hauke Fath hf at spg.tu-darmstadt.de
Fri Jun 1 18:00:32 EEST 2018


On 05/30/18 10:41, A. Schulze wrote:
> In the third case an administrator has to provide files with 
> certificates. And these files are required (by best practice)

Do you have any pointers to support such a strong statement?

> to include any chain-certificates excluding the self signed root.

Our upstream CA surely does not ship the signed certs that way. It 
could, and that would support your statement - but it doesn't.

> There is no reason to only provide a certificate via ssl_cert = </path/to/file 
> 
> and an new/other place to provide intermediates.

Yes, there is. It saves manipulating the signed server cert, and mirrors 
the fact that the intermediate CA certs have a longer lifetime than the 
server cert.

Cheerio,
hauke

-- 
      The ASCII Ribbon Campaign                    Hauke Fath
()     No HTML/RTF in email	        Institut für Nachrichtentechnik
/\     No Word docs in email                     TU Darmstadt
      Respect for open standards              Ruf +49-6151-16-21344


More information about the dovecot mailing list