Thanks for your email. Yes, I looked at that website before.
I'm using these options with Dovecot 2.1.8, among others:
auth_ssl_require_client_cert = yes
ssl_verify_client_cert = yes
ssl_ca = </etc/ssl/certs/cacertcrl.pem
On 28.06.2013 23:34, Reindl Harald wrote:
On 28.06.2013 23:31, Ireneusz Szcześniak wrote:
I've been using Dovecot 2.1.8 on OpenBSD 5.2 i386 for about a month. It works great. Dovecot serves IMAPS only, and I'm using Thunderbird to access my mail.
I configured Dovecot to allow clients that present a valid certificate when establishing an SSL connection. I configured my Thunderbird for an SSL/TLS connection with normal password. It works fine.
However, with my config anybody can connect to my server without presenting a certificate.
google "dovecot ssl client certificate" leads to
http://wiki.dovecot.org/SSL/DovecotConfiguration
well, this is for dovecot 1.x, but have you tried it?
Client certificate verification/authentication
If you want to require clients to present a valid SSL certificate, you'll need
these settings:
ssl_ca_file = /etc/ssl/ca.pem
ssl_verify_client_cert = yes
auth default {
ssl_require_client_cert = yes
..
}
--
Ireneusz (Irek) Szczesniak
http://www.irkos.org
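The thread mixes two spellings of the same settings: the 2.1-style names in the first message and the 1.x names in the wiki excerpt. The following check is an added example, not part of the original messages and not Dovecot's own tooling. It reads `name = value` lines such as those shown above and flags 1.x names or missing 2.1-style settings. The function names and the sample inputs are constructed for illustration, and the settings checked are only the ones quoted in the thread.

```python
import re

# Setting names quoted in the thread: 2.1-style (first message), 1.x (wiki excerpt).
REQUIRED_2X = ("ssl_verify_client_cert", "auth_ssl_require_client_cert")
LEGACY_1X = {"ssl_ca_file": "ssl_ca = </path/to/ca.pem",
             "ssl_require_client_cert": "auth_ssl_require_client_cert = yes"}

def parse_settings(text):
    """Return {name: value} for 'name = value' lines; comments and block braces are skipped."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        m = re.match(r"^([A-Za-z0-9_]+)\s*=\s*(.*)$", line)
        if m:
            settings[m.group(1)] = m.group(2).strip()
    return settings

def check_client_cert_config(text):
    """List findings for a client-certificate setup; an empty list means nothing was flagged."""
    s = parse_settings(text)
    findings = []
    for name in REQUIRED_2X:
        if s.get(name, "no").lower() != "yes":
            findings.append(f"{name} is not 'yes'")
    ca = s.get("ssl_ca", "")
    if not ca:
        findings.append("ssl_ca is not set")
    elif not ca.startswith("<"):
        findings.append("ssl_ca lacks the '<' prefix, so the value is not read from a file")
    for old, new in LEGACY_1X.items():
        if old in s:
            findings.append(f"{old} is a 1.x name; 2.x form: {new}")
    return findings

# Constructed sample inputs, copied from the two config fragments in the thread.
SAMPLE_2X = """\
auth_ssl_require_client_cert = yes
ssl_verify_client_cert = yes
ssl_ca = </etc/ssl/certs/cacertcrl.pem
"""
SAMPLE_1X = """\
ssl_ca_file = /etc/ssl/ca.pem
ssl_verify_client_cert = yes
auth default {
  ssl_require_client_cert = yes
}
"""

if __name__ == "__main__":
    for label, cfg in (("2.1-style", SAMPLE_2X), ("1.x-style", SAMPLE_1X)):
        print(label, check_client_cert_config(cfg) or "nothing flagged")
```

An empty result only means the settings are spelled in the 2.1 form; whether the server refuses a session that presents no certificate still has to be tested against the running service.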