Re: [Dovecot] client certs with godaddy ssl cert

2008-10-13 Thread Harondel J. Sibble
Note, the problem below also occurs with Thunderbird so it's something server side, but the "what exactly" has me scratching my head... On 11 Oct 2008 at 23:43, Harondel J. Sibble wrote: > > > On 29 Sep 2008 at 8:40, Rainer Frey (Inxmail GmbH) wrote: > > > What is important: you can not sel

Re: [Dovecot] client certs with godaddy ssl cert

2008-10-11 Thread Harondel J. Sibble
On 29 Sep 2008 at 8:40, Rainer Frey (Inxmail GmbH) wrote: > What is important: you can not self-sign each client certificate, but > you need a CA with a self-signed root instead. I think you understand > that already, just noting that for completeness. > Then you simply configure Dovecot as des

Re: [Dovecot] client certs with godaddy ssl cert

2008-10-09 Thread Harondel J. Sibble
On 9 Oct 2008 at 20:33, Timo Sirainen wrote: > My guess would be that your client just doesn't support sending SSL > client certificates. Or perhaps you'd need to configure it to do it > somehow. Well contrary to what WebIS tech support says, that looks to be the case as the same client cert i

Re: [Dovecot] client certs with godaddy ssl cert

2008-10-09 Thread Harondel J. Sibble
On 9 Oct 2008 at 20:33, Timo Sirainen wrote: > v1.1 logs more with verbose_ssl=yes. 1.0.7 doesn't log anything other than the initial connection :-( Guess it's time to upgrade > > 2239561866 - 2008.10.9 16:11:54 R 1 NO Client didn't present valid SSL > > certificate Note, this was the log

Re: [Dovecot] client certs with godaddy ssl cert

2008-10-09 Thread Timo Sirainen
On Thu, 2008-10-09 at 10:14 -0700, Harondel J. Sibble wrote: > > Oct 8 01:00:55 myserver dovecot: Dovecot v1.0.7 starting up v1.1 logs more with verbose_ssl=yes. > 2239561866 - 2008.10.9 16:11:54 R 1 NO Client didn't present valid SSL > certificate My guess would be that your client just doesn

Re: [Dovecot] client certs with godaddy ssl cert

2008-10-09 Thread Harondel J. Sibble
On 8 Oct 2008 at 1:05, Harondel J. Sibble wrote: > auth default { > # Space separated list of wanted authentication mechanisms: > # plain login digest-md5 cram-md5 ntlm rpa apop anonymous gssapi > mechanisms = plain > ssl_require_client_cert = yes > > ssl_ca_file = /etc/pki/dovecot/ce

Re: [Dovecot] client certs with godaddy ssl cert

2008-10-08 Thread Harondel J. Sibble
On 29 Sep 2008 at 8:40, Rainer Frey (Inxmail GmbH) wrote: > What is important: you can not self-sign each client certificate, but you > need > a CA with a self-signed root instead. I think you understand that already, > just noting that for completeness. > > Then you simply configure Dovecot a

Re: [Dovecot] client certs with godaddy ssl cert

2008-10-05 Thread Harondel J. Sibble
Thanks, your detailed instructions were EXACTLY what I was looking for, I'll try them out and report back in a few days with the results. On 29 Sep 2008 at 8:40, Rainer Frey (Inxmail GmbH) wrote: > Then you simply configure Dovecot as described in > http://wiki.dovecot.org/SSL/DovecotConfigurat

Re: [Dovecot] client certs with godaddy ssl cert

2008-10-03 Thread tomas
On Fri, Oct 03, 2008 at 07:18:46PM +0300, Timo Sirainen wrote: > On Oct 2, 2008, at 6:59 AM, Harondel J. Sibble wrote: > >>> Dovecot does have to trust the signing cert for the clients (i.e. it >>> can't >>> just be looking at some default bundle of c

Re: [Dovecot] client certs with godaddy ssl cert

2008-10-03 Thread Timo Sirainen
On Oct 2, 2008, at 6:59 AM, Harondel J. Sibble wrote: Dovecot does have to trust the signing cert for the clients (i.e. it can't just be looking at some default bundle of commercial CA's) but that's not really connected to its server cert. Yes, I thought so and that is exactly the crux of

Re: [Dovecot] client certs with godaddy ssl cert

2008-10-01 Thread Harondel J. Sibble
On 1 Oct 2008 at 10:37, Bill Cole wrote: > I've heard so many conflicting stories about the X509/SSL/TLS capabilities > of different mobile platforms that I don't know what to believe. I've got direct experience with a bunch of the platforms, so I am not all that concerned about that problem.

Re: [Dovecot] client certs with godaddy ssl cert

2008-10-01 Thread Bill Cole
Harondel J. Sibble wrote: On 29 Sep 2008 at 10:43, Bill Cole wrote: Right. You need to keep track of what client certs you trust, so you really should be *at least* the immediate issuer (signer) of the client certs. The only reasons you would want your signing cert for those client certs to ha

Re: [Dovecot] client certs with godaddy ssl cert

2008-09-29 Thread Harondel J. Sibble
On 29 Sep 2008 at 10:43, Bill Cole wrote: > Right. You need to keep track of what client certs you trust, so you really > should be *at least* the immediate issuer (signer) of the client certs. The > only reasons you would want your signing cert for those client certs to have > a commercial issu

Re: [Dovecot] client certs with godaddy ssl cert

2008-09-29 Thread Bill Cole
Harondel J. Sibble wrote: On 27 Sep 2008 at 13:22, mouss wrote: if you have a commercial cert, you don't need a self signed cert. self signed certs are for people who don't want to get a cert signed by a 3rd party (commercial or other). For email, you generally don't need a commercial certifi

Re: [Dovecot] client certs with godaddy ssl cert

2008-09-29 Thread mouss
Harondel J. Sibble wrote: On 27 Sep 2008 at 13:22, mouss wrote: if you have a commercial cert, you don't need a self signed cert. self signed certs are for people who don't want to get a cert signed by a 3rd party (commercial or other). For email, you generally don't need a commercial certifi

Re: [Dovecot] client certs with godaddy ssl cert

2008-09-28 Thread Rainer Frey (Inxmail GmbH)
On Saturday 27 September 2008 03:43:19 Harondel J. Sibble wrote: > I've read the client ssl cert section in the wiki and it talks about using > a self signed cert, if I am using a commercial cert, in this case godaddy, > how do I implement a self signed cert for the client side and have dovecot > m

Re: [Dovecot] client certs with godaddy ssl cert

2008-09-28 Thread Harondel J. Sibble
On 27 Sep 2008 at 13:22, mouss wrote: > if you have a commercial cert, you don't need a self signed cert. self > signed certs are for people who don't want to get a cert signed by a 3rd > party (commercial or other). For email, you generally don't need a > commercial certificate because your u

Re: [Dovecot] client certs with godaddy ssl cert

2008-09-27 Thread mouss
Harondel J. Sibble wrote: I've read the client ssl cert section in the wiki and it talks about using a self signed cert, if I am using a commercial cert, in this case godaddy, how do I implement a self signed cert for the client side and have dovecot make use of this? I know the mechanics of s

[Dovecot] client certs with godaddy ssl cert

2008-09-26 Thread Harondel J. Sibble
I've read the client ssl cert section in the wiki and it talks about using a self signed cert, if I am using a commercial cert, in this case godaddy, how do I implement a self signed cert for the client side and have dovecot make use of this? I know the mechanics of setting up the self signed c