[BlueOnyx:25144] Re: Quickfix for BO servers with certificates that are old or doesn't work anymore!!!

Maurice de Laat mdlaat at muisnetwerken.nl
Thu Sep 30 14:42:08 -05 2021


Hi Michael,

> Maurice combines the intermediate and the cert into the dovecot.pem,
> whereas we used to have them in separate files. After all, our
> /etc/dovecot/conf.d/10-ssl.conf tells Dovecot where to find the CA files
> (via the "ssl_ca" line):
>
> ssl_cert = </etc/pki/dovecot/certs/dovecot.pem
> ssl_key = </etc/pki/dovecot/private/dovecot.pem
> ssl_ca = </etc/pki/dovecot/certs/ca.pem

While working on this issue yesterday, I read this comment in dovecot's 
10-ssl.conf file:

# Directory and/or file for trusted SSL CA certificates. These are used only
# when Dovecot needs to act as an SSL client (e.g. imapc backend).

So apparently the ca.pem is not used when dovecot acts as a server. 
Which is why I added them in the dovecot.pem file.

Kind regards

Maurice
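
A check for the situation discussed in this message, as an added example that is not part of the original post or of BlueOnyx: it reads a Dovecot config, follows the `ssl_cert` setting and reports whether that file holds only the server certificate or the certificate plus intermediates. The function names, the temporary file layout and the placeholder PEM blocks are assumptions constructed for the demonstration.

```shell
#!/bin/sh
# Added example (constructed): does the file behind ssl_cert carry the chain?

# Print the path a "name = </path" setting points to (last uncommented line wins).
setting_path() {   # $1 = config file, $2 = setting name
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*<[[:space:]]*//p" "$1" | tail -n 1
}

# Count the PEM certificate blocks in a file.
cert_count() {
    grep -c -- '-----BEGIN CERTIFICATE-----' "$1" || true
}

# Classify the ssl_cert file: missing, leaf-only (1 cert) or chain (2 or more).
ssl_cert_status() {   # $1 = config file
    path=$(setting_path "$1" ssl_cert)
    [ -n "$path" ] && [ -r "$path" ] || { echo missing; return; }
    case "$(cert_count "$path")" in
        0) echo missing ;;
        1) echo leaf-only ;;
        *) echo chain ;;
    esac
}

# Write one placeholder PEM block (not a real certificate).
pem() {
    printf '%s\n%s\n%s\n' '-----BEGIN CERTIFICATE-----' "$1" '-----END CERTIFICATE-----'
}

# Build two constructed layouts: separate ca.pem versus combined dovecot.pem.
make_demo() {
    d=$(mktemp -d)
    pem 'placeholder-server-cert' > "$d/leaf.pem"
    pem 'placeholder-intermediate' > "$d/ca.pem"
    cat "$d/leaf.pem" "$d/ca.pem" > "$d/combined.pem"
    printf 'ssl_cert = <%s\nssl_ca = <%s\n' "$d/leaf.pem" "$d/ca.pem" > "$d/split.conf"
    printf 'ssl_cert = <%s\n' "$d/combined.pem" > "$d/combined.conf"
    echo "$d"
}

demo=$(make_demo)
echo "separate ca.pem:      $(ssl_cert_status "$demo/split.conf")"
echo "combined dovecot.pem: $(ssl_cert_status "$demo/combined.conf")"
```

On a real server, pass the path of the actual 10-ssl.conf to `ssl_cert_status` instead of the constructed files.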