Hi, sorry, but I have not found any documentation on this: I see that I can add a CA certificate to TLS_TRUSTCERTS and then set TLS_VERIFYPEER to PEER to enable certificate authentication.
But with just that setup, if one client key is compromised, I have to change the complete CA. Is there a way to revoke a single certificate? I wouldn't mind copying a revocation list to my server for this. The only other way I'm seeing is to use one CA per certificate, and that kind of defeats the purpose.

Thank you,
Lenz Weber

PS: postfix seems to do it the other way round: they require a list of "accepted" client fingerprints. While that is suboptimal, too, it would be a solution that I can live with, as I have a postfix/maildrop/courier setup and thus would have to maintain that list anyways.

_______________________________________________
Courier-imap mailing list
Courier-imap@lists.sourceforge.net