RE: ee key too small

Thu, 20 Nov 2025 07:31:00 -0800 

   Hi!

   Your private key must be large enough.

   Aki

     On 20/11/2025 17:07 EET Marek Gresko via dovecot
     <[1][email protected]> wrote:


     I tried even with root ca and the same result.

     Marek





     Odoslane pomocou bezpecneho emailu Proton Mail.

     stvrtok 20. novembra 2025, 16:04, Marek Gresko
     <[2][email protected]> napisal/a:


       Including root CA?

       Marek





       Odoslane pomocou bezpecneho emailu Proton Mail.


       stvrtok 20. novembra 2025, 15:51, Marc [3][email protected]
       napisal/a:


         You have to put full chain in the cert


           I forgot to mention the certificate is signed by my private root
           certification authority. Could this be related? Should the
           authority
           certificate be configured somewhere in dovecot?

           Thanks

           Marek

           stvrtok 20. novembra 2025, 15:42, Marek Gresko
           [4][email protected] napisal/a:


             Hello,

             after upgrading from Fedora 42 to Fedora 43 the dovecot got
             upgraded
             to version 2.4.

             I tweaked the configuration, dovecot starts, but when client is
             trying
             to connect to imap, I get:

             imap-login: Error: Failed to initialize SSL connection: Couldn't
             initialize SSL server context: Can't load SSL certificate
             (ssl_server_cert_file setting): error:0A00018F:SSL routines
             ::ee key too small:

             I tried replacing 2048 bits RSA with 4096 bits RSA, I tried to
             not use
             the dh.pem file (I read somewhere it is not neede any more), I
             deleted
             /var/lib/dovecot/ssl-parameters.dat file, but still the same
             error.

             Where should I look next?

             My ssl config:

             ssl = required

             #ssl_server_dh_file = /etc/dovecot/dh.pem

             ssl_server {
             #ssl_server_dh_file = /etc/dovecot/dh.pem
             ssl_server_cert_file = /somewhere/dovecot.pem
             ssl_server_key_file = /somewhere/dovecot.pem
             prefer_ciphers = server
             }

             ssl_min_protocol = TLSv1.2

             ssl_cipher_list = PROFILE=SYSTEM

             #ssl_verify_client_cert = no
             #ssl_prefer_server_ciphers = no

             Thanks

             Marek

     _______________________________________________
     dovecot mailing list -- [5][email protected]
     To unsubscribe send an email to [6][email protected]

References

   Visible links
   1. mailto:[email protected]
   2. mailto:[email protected]
   3. mailto:[email protected]
   4. mailto:[email protected]
   5. mailto:[email protected]
   6. mailto:[email protected]
_______________________________________________
dovecot mailing list -- [email protected]
To unsubscribe send an email to [email protected]

Reply via email to