I forgot to mention the certificate is signed by my private root
certification authority. Could this be related? Should the authority
certificate be configured somewhere in dovecot?
Thanks
Marek
stvrtok 20. novembra 2025, 15:42, Marek Gresko
<[email protected]> napisal/a:
Hello,
after upgrading from Fedora 42 to Fedora 43 the dovecot got upgraded to
version 2.4.
I tweaked the configuration, dovecot starts, but when client is trying
to connect to imap, I get:
imap-login: Error: Failed to initialize SSL connection: Couldn't
initialize SSL server context: Can't load SSL certificate
(ssl_server_cert_file setting): error:0A00018F:SSL routines
::ee key too small:
I tried replacing 2048 bits RSA with 4096 bits RSA, I tried to not use
the dh.pem file (I read somewhere it is not neede any more), I deleted
/var/lib/dovecot/ssl-parameters.dat file, but still the same error.
Where should I look next?
My ssl config:
ssl = required
#ssl_server_dh_file = /etc/dovecot/dh.pem
ssl_server {
#ssl_server_dh_file = /etc/dovecot/dh.pem
ssl_server_cert_file = /somewhere/dovecot.pem
ssl_server_key_file = /somewhere/dovecot.pem
prefer_ciphers = server
}
ssl_min_protocol = TLSv1.2
ssl_cipher_list = PROFILE=SYSTEM
#ssl_verify_client_cert = no
#ssl_prefer_server_ciphers = no
Thanks
Marek
_______________________________________________
dovecot mailing list -- [email protected]
To unsubscribe send an email to [email protected]
