Received invalid SSL certificate: unable to get certificate CRL

Markus Winkler ml at irmawi.de
Wed Jan 26 09:19:32 UTC 2022


Hi Laura,

On Wed, 26 Jan 2022 at 12:09:04AM +0000, Laura Smith wrote:
>‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
>>
>> I thought that
>>
>> ssl_ca = </etc/ssl/certs/ca-certificates.crt
>>
>> is worth a try.
>
>
>Does ssl_ca even apply to dsync/imapc ?

as I wrote: I cannot test your scenario and the link to the documentation I sent was only a rough idea.

>Looking at the docs its all about client certificate authentication ? Something which does not apply to my environment, and even if it did, it 
>would not apply to dsync/imapc because I am initiating the connection, not the remote end ?

In my understanding this parameter is not only about client certificate authentication. If you want, then please have a look at this:

https://doc.dovecot.org/settings/core/#core_setting-ssl_ca

[...]
These CAs are also used by some processes for validating outgoing SSL connections, i.e. performing the same function as ssl_client_ca_file.
[...]

And that's why I wrote: it's worth a try (it takes only two minutes to test it ...). IMHO of course. If you don't want to test it, OK. But I have 
no further ideas, sorry.

Regards,
Markus



More information about the dovecot mailing list