Including root CA? Marek
Odoslané pomocou bezpečného emailu Proton Mail. štvrtok 20. novembra 2025, 15:51, Marc <[email protected]> napísal/a: > You have to put full chain in the cert > > > I forgot to mention the certificate is signed by my private root > > certification authority. Could this be related? Should the authority > > certificate be configured somewhere in dovecot? > > > > Thanks > > > > Marek > > > > štvrtok 20. novembra 2025, 15:42, Marek Greško > > [email protected] napísal/a: > > > > > Hello, > > > > > > after upgrading from Fedora 42 to Fedora 43 the dovecot got upgraded > > > to version 2.4. > > > > > > I tweaked the configuration, dovecot starts, but when client is trying > > > to connect to imap, I get: > > > > > > imap-login: Error: Failed to initialize SSL connection: Couldn't > > > initialize SSL server context: Can't load SSL certificate > > > (ssl_server_cert_file setting): error:0A00018F:SSL routines > > > ::ee key too small: > > > > > > I tried replacing 2048 bits RSA with 4096 bits RSA, I tried to not use > > > the dh.pem file (I read somewhere it is not neede any more), I deleted > > > /var/lib/dovecot/ssl-parameters.dat file, but still the same error. > > > > > > Where should I look next? > > > > > > My ssl config: > > > > > > ssl = required > > > > > > #ssl_server_dh_file = /etc/dovecot/dh.pem > > > > > > ssl_server { > > > #ssl_server_dh_file = /etc/dovecot/dh.pem > > > ssl_server_cert_file = /somewhere/dovecot.pem > > > ssl_server_key_file = /somewhere/dovecot.pem > > > prefer_ciphers = server > > > } > > > > > > ssl_min_protocol = TLSv1.2 > > > > > > ssl_cipher_list = PROFILE=SYSTEM > > > > > > #ssl_verify_client_cert = no > > > #ssl_prefer_server_ciphers = no > > > > > > Thanks > > > > > > Marek _______________________________________________ dovecot mailing list -- [email protected] To unsubscribe send an email to [email protected]
