Upgrading to v2.3.X breaks ssl san?

Joseph Tam jtam.home at gmail.com
Wed Aug 7 00:37:19 EEST 2019


On Tue, 6 Aug 2019, telsch wrote:

> if i cat ssl_ca and ssl_cert into one file and only use ssl_cert it's working with 2.3.X
> ssl_ca = </etc/ssl/ca-bundle.pem ssl_cert = </etc/ssl-imap.pem

In the words of Montoya, "I do not think it means what you think it
means", referring to "ssl_ca".  That file is not used to to establish
the trust chain to your server certificate, but rather, to your client's
certificates (e.g. if you run a local CA to issue user certificate
for mutual authentication, you would put your local CA certificate here).

(Maybe this config variable should be renamed "ssl_client_ca".)

Appending intermediate and server certificates is what you're supposed
to do.

Joseph Tam <jtam.home at gmail.com>


More information about the dovecot mailing list