Received invalid SSL certificate: unable to get certificate CRL
Laura Smith
n5d9xq3ti233xiyif2vp at protonmail.ch
Tue Jan 25 10:48:00 UTC 2022
> just an idea, but maybe that's the problem?:
>
> https://doc.dovecot.org/configuration_manual/authentication/proxies/
>
> "Note
>
> ssl_client_ca_dir or ssl_client_ca_file aren’t currently used for verifying the
>
> remote certificate, although ideally they will be in a future Dovecot version. For
>
> now you need to add the trusted remote certificates to ssl_ca."
>
Hi Markus
Thanks for your suggestion, I have a couple of questions about it though.
First, my understanding from the docs was that ssl_client_ca_* were override parameters and that in the absence of the parameters, Dovecot would default to using OpenSSL defaults ? (And building on that, as per my manual tests, you can see OpenSSL returns an "OK" on the validation).
Second, I'm dealing with standard Let's Encrypt certs here, no private PKI certs here.
Laura
More information about the dovecot
mailing list