Thunderbird with cyrus-imapd: Why chose client certificate?
Goetz Babin-Ebell
goetz at shomitefo.de
Thu Nov 13 15:57:44 EST 2008
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Frank Richter wrote:
| Hi,
| I've a cyrus-imapd 2.3.12 installation with these options in imapd.conf
|
| tls_cert_file: /etc/exim/etc/server.crt
| tls_key_file: /etc/exim/etc/server.key
| tls_ca_file: /etc/pki/tls/certs/ca-chain.crt
| tls_require_cert: 0
|
| SSL and STARTTLS are working fine.
|
| I've imported a personal S/MIME certificate to thunderbird. When
| connecting to the IMAP server (using STARTTLS), thunderbird asks me to
| select a client cert, showing (translated from German):
| This website (!) requires a certificate for identification ...
| Chose a certificate ...
|
| The server doesn't and shouldn't accept client certificates.
| So who is wrong? My configuration, thunderbird ...
If you don't want to do client authentication, why do you set
tls_ca_file at all ?
If you really need a CA file with your server cert,
you can include it in your tls_cert_file.
And you only need to do that if you have your server
cert signed by an intermediate CA and not a root
certificate:
- --------- -------------- --------
|root CA| -> |intermediate| ->... |server|
- --------- -------------- --------
do not include in in
include tls_cert_file tls_cert_file
Bye
Goetz
- --
DMCA: The greed of the few outweighs the freedom of the many
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.4-svn0 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFJHJTI2iGqZUF3qPYRAnl9AJ43rnyStSA+3R1rQxEBKRpLxFAklACffN4a
nvsQq/nE12+gTdQttGDyn0M=
=ZlAs
-----END PGP SIGNATURE-----
More information about the Info-cyrus
mailing list