HowTo : Secure all Kolab Services
kolab.user at use.startmail.com
kolab.user at use.startmail.com
Fri Apr 17 23:10:32 CEST 2015
tls_server_ca_file: <none>
Path to a file containing CA certificates used to verify certificates offered when
this server connects to other servers.
what does "this server connects to other servers" mean?
tls_ca_file: DEFAULT
Deprecated in favor of tls_client_ca_file.
this value was used in previous kolab 3.x instructions.
tls_client_ca_file: <none>
Path to a file containing the CA certificate(s) used to verify client SSL certificates
used for authentication.
tls_client_ca_file worked for me but when I tried tls_server_ca_file as instructed then.
I get "Verify return code: 21 (unable to verify the first certificate)"
On Friday, April 17, 2015 4:33 PM, Daniel Hoffend <dh at dotlan.net> wrote:
> Hello Kolab User
>
>>Cyrus IMAPD notes.
>>
>>1. tls_server_ca_file is not a correct variable name. according to man
>>imapd.conf correct value is tls_client_ca_file
>>2. there is no need to create a bundle for tls_client_ca_file value -
>>intermediate certificate is sufficient.
> In theory you don't need the server_ca_file or client_ca_file parameter
> anyway ... It's used for verify other servers or verify a client
> certificate is likely not used for not for anything else.
>
> Configuring tls_server_cert using a bundle certificate (server + chain)
> and tls_server_key is fully sufficent.
>
>
> --
> Regards
> Daniel
More information about the users
mailing list