Hi,
I have removed it on both servers, and on both servers I have:
ssl-params: Info: Generating SSL parameters
ssl-params: Info: SSL parameters regeneration completed
But still:
Feb 03 16:36:28 doveadm: Error: Corrupted SSL parameters file in state_dir:
ssl-parameters.dat - disabling SSL 360
Feb 03 16:36:28 doveadm: Error: Couldn't initialize SSL parameters,
disabling SSL
Thx
On Friday, February 3, 2017 at 17:09:52, you wrote:
> Please keep responses in list. rm -f
> /var/lib/dovecot/ssl-parameters.dat, I think it was in that dir.
> On 2017-02-03 17:00, Thierry wrote:
>> Hi,
>>
>> I have removed the '<' :
>>
>> ssl_client_ca_file = /etc/ssl/certs/GandiCA2.pem
>>
>> But now:
>>
>> doveadm: Error: Corrupted SSL parameters file in state_dir:
>> ssl-parameters.dat - disabling SSL 360
>> doveadm: Error: Couldn't initialize SSL parameters, disabling SSL
>> doveadm: Error: Corrupted SSL parameters file in state_dir:
>> ssl-parameters.dat - disabling SSL 360
>> doveadm: Error: Couldn't initialize SSL parameters, disabling SSL
>>
>> Any idea?
>>
>> Thx
>>
>>> Yes. The ssl_client_ca_file is not actually expecting <, just file name.
>>> Aki
>>
>>> On 2017-02-03 15:13, Thierry wrote:
>>>> Hi,
>>>>
>>>> I have made a change:
>>>>
>>>> ssl_protocols = !SSLv2 !SSLv3
>>>> ssl = required
>>>> verbose_ssl = no
>>>> ssl_key = </etc/ssl/private/private.key
>>>> ssl_cert = </etc/ssl/certs/key.crt
>>>> ssl_client_ca_file = </etc/ssl/certs/GandiCA2.pem
>>>>
>>>>
>>>> # Create a listener for doveadm-server
>>>> service doveadm {
>>>> user = vmail
>>>> inet_listener {
>>>> port = 12345
>>>> ssl= yes
>>>> }
>>>> }
>>>>
>>>> and doveadm_port = 12345 // mail_replica = tcps:server2.domain.ltd #
>>>> use doveadm_port
>>>>
>>>> And now:
>>>>
>>>> Feb 03 14:11:16 doveadm([email protected]): Error: sync: Couldn't
>>>> initialize SSL context: Can't load CA certs from directory :
>>>> error:02001024:system library:fopen:File name too long
>>>> Feb 03 14:11:17 doveadm: Error: Corrupted SSL parameters file in
>>>> state_dir: ssl-parameters.dat - disabling SSL 360
>>>> Feb 03 14:11:17 doveadm: Error: Couldn't initialize SSL parameters,
>>>> disabling SSL
>>>>
>>>> Thx for your support
>>>>
>>>>
>>>>
>>>>
>>>> On Friday, February 3, 2017 at 11:34:43, you wrote:
>>>>
>>>>> Hello,
>>>>> On 02/03/2017 08:51 AM, Thierry wrote:
>>>>>> Hello,
>>>>>>
>>>>>> Still working with my dsync pb.
>>>>>> I have done a clone (vmware) of my email server.
>>>>>> Today I have two strictly identical email servers (server1
>>>>>> (main) and server2 (bck)), except IP, hostname and mail_replica.
>>>>>>
>>>>>> The SSL config on both my servers:
>>>>>>
>>>>>> ssl_protocols = !SSLv2 !SSLv3
>>>>>> ssl = required
>>>>>> verbose_ssl = no
>>>>>> ssl_key = </etc/ssl/private/private.key
>>>>>> ssl_cert = </etc/ssl/certs/key.crt
>>>>>> ssl_ca = </etc/ssl/certs/GandiStandardSSLCA2.pem
>>>>> I think it should be ssl_client_ca_file =
>>>>> </etc/ssl/certs/GandiStandardSSLCA2.pem for you.
>>>>>> This config is working for my email client and my email web
>>>>>> interface ...
>>>>>>
>>>>>> Are they in the right order?
>>>>>>
>>>>>> mail_replica = tcps:[email protected] and tcps:[email protected]
>>>>>>
>>>>>> There is traffic on my iptables rules on both my servers:
>>>>>>
>>>>>> 60 3600 ACCEPT tcp -- * * 0.0.0.0/0
>>>>>> 0.0.0.0/0 tcp dpt:4711
>>>>>>
>>>>>>
>>>>>>
>>>>>> My error message from server1 (main server):
>>>>>>
>>>>>> Feb 03 08:38:08 doveadm([email protected]): Error: sync: Couldn't
>>>>>> initialize SSL context: Can't verify remote server certs without trusted
>>>>>> CAs (ssl_client_ca_* settings)
>>>>>> Feb 03 08:42:35 doveadm([email protected]): Error: sync: Couldn't
>>>>>> initialize SSL context: Can't verify remote server certs without trusted
>>>>>> CAs (ssl_client_ca_* settings)
>>>>>> Feb 03 08:42:35 doveadm([email protected]): Error: sync: Couldn't
>>>>>> initialize SSL context: Can't verify remote server certs without trusted
>>>>>> CAs (ssl_client_ca_* settings)
>>>>>> Feb 03 08:42:35 doveadm([email protected]): Error: sync: Couldn't
>>>>>> initialize SSL context: Can't verify remote server certs without trusted
>>>>>> CAs (ssl_client_ca_* settings)
>>>>>>
>>>>>> No logs from server2
>>>>>>
>>>>>> Any ideas?
>>>>>>
>>>>>> Thx for your support
>>>>>>
>>>>>>
>>>>
--
Regards,
Thierry e-mail : [email protected]
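
Added example, not part of the original thread: a small Python check for the two configuration states discussed above (tcps: replication with no ssl_client_ca_* setting, and ssl_client_ca_file written with a leading '<'). The function name, the sample texts and the host server2.domain.ltd in them are constructed for illustration; the setting names are the ones quoted in the thread plus ssl_client_ca_dir.

```python
import re

# Values read from a file's contents use the "<" prefix in Dovecot 2.x configs.
CONTENT_SETTINGS = {"ssl_cert", "ssl_key", "ssl_ca"}
# Settings that take a plain path (no "<"), as pointed out in the thread.
PATH_SETTINGS = {"ssl_client_ca_file", "ssl_client_ca_dir"}
SETTING_RE = re.compile(r"^\s*([A-Za-z0-9_]+)\s*=\s*(.*?)\s*$")

def lint_ssl_settings(conf_text):
    """Return (line_no, setting, message) findings for a Dovecot config text."""
    findings, seen, tcps_line = [], set(), None
    for line_no, raw in enumerate(conf_text.splitlines(), start=1):
        m = SETTING_RE.match(raw.split("#", 1)[0])  # ignore comments
        if not m:
            continue
        name, value = m.groups()
        seen.add(name)
        if name == "mail_replica" and value.startswith("tcps:"):
            tcps_line = line_no
        if name in PATH_SETTINGS and value.startswith("<"):
            findings.append((line_no, name, "takes a plain path; remove the leading '<'"))
        elif name in CONTENT_SETTINGS and value and not value.startswith("<"):
            findings.append((line_no, name, "takes file contents; prefix the path with '<'"))
    # tcps: replication verifies the remote certificate, so a client CA is needed.
    if tcps_line and not (seen & PATH_SETTINGS):
        findings.append((tcps_line, "mail_replica", "tcps: used but no ssl_client_ca_* setting"))
    return findings

# Constructed samples based on the settings quoted in the thread.
FIRST_CONF = """\
ssl = required
ssl_key = </etc/ssl/private/private.key
ssl_cert = </etc/ssl/certs/key.crt
ssl_ca = </etc/ssl/certs/GandiStandardSSLCA2.pem
mail_replica = tcps:server2.domain.ltd  # constructed host
"""
SECOND_CONF = FIRST_CONF.replace(
    "ssl_ca = </etc/ssl/certs/GandiStandardSSLCA2.pem",
    "ssl_client_ca_file = </etc/ssl/certs/GandiCA2.pem")
FIXED_CONF = SECOND_CONF.replace("= </etc/ssl/certs/GandiCA2.pem", "= /etc/ssl/certs/GandiCA2.pem")

if __name__ == "__main__":
    for label, conf in (("first", FIRST_CONF), ("second", SECOND_CONF), ("fixed", FIXED_CONF)):
        print(label, lint_ssl_settings(conf))
```

The check covers only the configuration side; the "Corrupted SSL parameters file" error reported at the top of the thread concerns ssl-parameters.dat and is outside what it inspects.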