On Fri, 16 Jan 2015, Patrick Goetz wrote:
Whenever I run; e.g.
imtest -t "" mail.spinningwheel.org
(or basically any TLS connection) the following error is logged:
TLS server engine: No CA file specified. Client side certs may not work
I first noticed this on a couple of 2.3.16 installs, but now the same thing
is happening in 2.4.17. Everything was working on the 2.3.16 systems, so I
didn't bother with it, but this time around I'm trying to track down every
possible configuration issue.
Note that it doesn't seem to make any difference how I set up the TLS
configuration in imapd.conf, this error message persists.
Is there any way to make this go away, or is this one of the things that will
get magically fixed in 2.5?
I forget which one of these two settings fixed it, but I have:
tls_ca_file: /etc/ssl/certs/InCommon_Server_CA.pem
tls_ca_path: /etc/ssl/certs
I am not actually processing client side certs.
Actually, the InCommon_Server_CA.pem is our intermediate certificate, so
we had to specify that anyways. Try setting one or both of those
parameters in imapd.conf. Point them at a CA bundle file or directory.
Andy
