On 09/11/2022 18:19, Alexander Dalloz wrote:
On 09.11.2022 at 18:30, [email protected] wrote:
On 2022-11-09 16:59, Alexander Dalloz wrote:
On 09.11.2022 at 15:58, Ruben Safir wrote:
Hello
I am getting this error and I have no idea why. openssh is up to date
You have a self-signed certificate in place. The connecting client
cannot validate whether to trust the answering server.
Alexander
Try to run the following against the client certificate full chain and
cert file:-
openssl verify -CAfile fullchain.pem cert.pem
If it did throw an error then try verifying with an updated CA
certificates bundle directly from OS using the following which works
with me in RHEL7:-
yum reinstall ca-certificates
update-ca-trust
Or if already installed.
update-ca-trust.
Given you are using a self signed certificate, I guess, you will have
to append manually the CA certificate, which you've used to sign the
self signed client certificate in CA bundle PEM file i.e.
tls-ca-bundle.pem. Also, you will have to reference the CA file in
dovecot using the following:-
ssl_client_ca_file = /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
ssl_verify_client_cert = yes
Good luck.
Zakaria.
That's pointless as the certificate hasn't been issued by Let's Encrypt.
Alexander
This has got nothing to do with LE or own CA. Bottom line is, you need to add
your own CA to the cert store (ideally) - look in DuckDuckGo how that
works for your distri - Linux is different from BSD - for example.
That would be my line in FreeBSD, using a single file for the CA :
$FOO_BIN -d 60 -F -f /usr/local/etc/fetchmailrc --sslcertfile
/etc/ssl/certs/my-ca.crt
The --sslcertfile part can be dumped if using the global store.
Bottom line - independent from CA.
--
Thanks and regards
Goetz R Schultz
---------------->8----------------
Quis custodiet ipsos custodes?
/"\
\ / ASCII Ribbon Campaign
X against HTML e-mail
/ \
----------------8<----------------
Unsigned message - no responsibility that content is not altered
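
The trust problem discussed in this thread, reproduced offline as an added example (not part of any poster's message): a certificate issued by a private CA fails `openssl verify` against the default trust store and passes once the CA file is supplied. The CA name, the host name mail.example.test and all keys are constructed throwaway values; my-ca.crt only mirrors the file name used above.

```shell
#!/bin/sh
# Added example. Every key, name and certificate here is a constructed,
# throwaway value created in a temporary directory.

# verifies CERT [openssl verify options...]
# Succeeds only if openssl reports "CERT: OK" (checks output, not exit status).
verifies() {
    cert=$1; shift
    openssl verify "$@" "$cert" 2>&1 | grep -q ': OK$'
}

# Build a private CA and a server certificate signed by it in directory $1.
make_pki() {
    d=$1
    # Self-signed root: this is the "own CA" a client does not know yet.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Example Private CA" \
        -keyout "$d/ca.key" -out "$d/my-ca.crt" 2>/dev/null &&
    # Server key and signing request for the hypothetical mail host.
    openssl req -newkey rsa:2048 -nodes -subj "/CN=mail.example.test" \
        -keyout "$d/server.key" -out "$d/server.csr" 2>/dev/null &&
    # The private CA issues the server certificate.
    openssl x509 -req -in "$d/server.csr" -CA "$d/my-ca.crt" \
        -CAkey "$d/ca.key" -CAcreateserial -days 1 \
        -out "$d/cert.pem" 2>/dev/null
}

# Prints "default=<ok|fail> with_ca=<ok|fail>".
trust_report() {
    d=$(mktemp -d) || return 1
    make_pki "$d" || { rm -rf "$d"; return 1; }
    # Client with only the default trust store: the issuer is unknown.
    if verifies "$d/cert.pem"; then r1=ok; else r1=fail; fi
    # Client pointed at the private CA explicitly.
    if verifies "$d/cert.pem" -CAfile "$d/my-ca.crt"; then r2=ok; else r2=fail; fi
    rm -rf "$d"
    echo "default=$r1 with_ca=$r2"
}

trust_report
```

The second check corresponds to handing the client the CA file directly; installing that CA into the system store makes the first check pass as well.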