Note, the problem below also occurs with Thunderbird so it's something server side, but the "what exactly" has me scractching my head...
On 11 Oct 2008 at 23:43, Harondel J. Sibble wrote: > > > On 29 Sep 2008 at 8:40, Rainer Frey (Inxmail GmbH) wrote: > > > What is important: you can not self-sign each client certificate, but > > you need a CA with a self-signed root instead. I think you understand > > that already, just noting that for completeness. > > Then you simply configure Dovecot as described in > > http://wiki.dovecot.org/SSL/DovecotConfiguration > > > To sum it up: ssl_cert_file is responsible for server side TLS/SSL and > > needs to contain the complete verification path for the server > > certificate. It has no influence on client certs. ssl_ca_file is used > > for client cert verification only, and does not need to cover the > > server certificate. > > Okay, got this mostly working, currently testing with a Nokia e61i > smartphone > and having a problem which I'm not quote clear on where it lies, phone > issue, > postfix issue or dovecot sasl issue > > Here's the problem, I can successfully authenticate to dovecot via imap > using > client certs, however when I attempt to send an email, that is giving me > errors as follows > > Oct 11 23:09:40 server postfix/smtpd[25720]: xsasl_dovecot_handle_reply: > auth > reply: FAIL?1?reason=Client didn't present valid SSL certificate > Oct 11 23:09:40 server postfix/smtpd[25720]: warning: > unknown[192.xxx.yyy.zzz]: SASL LOGIN authentication failed: Client didn't > present valid SSL certificate > Oct 11 23:09:40 server postfix/smtpd[25720]: > unknown[192.xxx.yyy.zzz]: 535 > 5.7.0 Error: authentication failed: Client didn't present valid SSL > certificate > > On the phone, there is only the self signed personal cert used to > authenticate for imap. Postfix is set to authenticate using the same self > signed CA, server cert and server key. > > Any ideas on what I should look at next? > > I've already wiped all the certs from both the server and the phone and > recreated a new CA, but same problem occurs. > > Kinda out of ideas, any suggestions? > -- > Harondel J. Sibble > Sibble Computer Consulting > Creating Solutions for the small and medium business computer user. > [EMAIL PROTECTED] (use pgp keyid 0x3AD5C11D) http://www.pdscc.com > (604) 739-3709 (voice/fax) (604) 686-2253 (pager) > -- Harondel J. Sibble Sibble Computer Consulting Creating Solutions for the small and medium business computer user. [EMAIL PROTECTED] (use pgp keyid 0x3AD5C11D) http://www.pdscc.com (604) 739-3709 (voice/fax) (604) 686-2253 (pager)
