> > It is - that's just "belt and braces" stuff (also known as "defence in > depth" :-) )
It is good to limit to just your own ca. I do this with the ldap. Was just not expecting it from someone having users stored in mariadb and having virtual users and then worrying about CA's credibility. If you use a .local you already skip the regular stuff and you only need to worry about intelligence agencies. > My *real* issue (if I understand things correctly - which, there's a > significant chance that I don't) is telling dovecot which TLS > certificate to use to connect to the MariaDB back-end. I don't know, would be even surprised if they support such a thing. That is why I have unix users that is all optimized for this type of stuff and any default application works fine like this. > Mind you, that's *not* the same cert that the users use to connect to > dovecot :-) I was guessing that ;) _______________________________________________ dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-le...@dovecot.org
