[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: pkg/52918: mail/dovecot does not supply intermediate CA certs
The following reply was made to PR pkg/52918; it has been noted by GNATS.
From: Filip Hajny <filip%joyent.com@localhost>
Subject: Re: pkg/52918: mail/dovecot does not supply intermediate CA certs
Date: Thu, 11 Jan 2018 17:20:50 +0100
> ssl_cert =3D </etc/openssl/certs/server.cert
> ssl_key =3D </etc/openssl/private/server.key
> ssl_ca =3D </etc/openssl/certs/ca-cert-chain.pem
The way I understand the docs, ssl_ca was intended for client =
certificate authentication only. In my years old config file, I still =
have the original upstream comment that says
"PEM encoded trusted certificate authority. Set this only if you intend =
to use ssl_verify_client_cert=3Dyes.=E2=80=9D
And I have always bundled my CA intermediate certificates with the one =
specified using ssl_cert, because that worked for me in the past.
I=E2=80=99d wait for a confirmation from upstream, it doesn=E2=80=99t =
feel like a reason to roll back though.
Main Index |
Thread Index |