Disable client authentication with certificates

Dan White dwhite at olp.net
Tue Dec 3 09:39:49 EST 2013

On 12/03/13 14:29 +0200, Stefan Gofferje wrote:
>I have a Cyrus IMAP and Postfix running. Some time ago, I configured
>them for TLS, and recently I also started to use Thunderbird on those,
>and Thunderbird is asking me on startup which certificate to use for
>identification for IMAP. Is there a way to tell Cyrus to *not* request
>the client certificates at all?
>Config attached.

>rfc_ignore_8bit: on
>configdirectory: /var/lib/imap
>#artition-default: /var/spool/imap
>partition-default: /server/imap
>sievedir: /var/lib/sieve
>admins: cyrus nobody
>lmtp_admins: cyrus nobody
>allowanonymouslogin: no
>autocreatequota: 10000
>#reject8bit: no
>quotawarn: 90
>timeout: 30
>poptimeout: 10
>dracinterval: 0
>drachost: localhost
>sasl_pwcheck_method: auxprop
>auxprop_plugin: sasldb
>postuser: shared
>allowplaintext: yes
>lmtp_overquota_perm_failure: no
>lmtpsocket: /var/spool/postfix/public/lmtp
># if you want TLS, you have to generate certificates and keys
>tls_cert_file: /etc/apache2/x.x.x.pem
>tls_key_file: /etc/apache2/x.x.x.pem
>tls_ca_file: /etc/apache2/ca-certs.pem
>#tls_ca_path: /usr/ssl/CA
>tls_require_cert: false
>tls_imap_require_cert: false
>tls_pop3_require_cert: false
>tls_lmtp_require_cert: false
>tls_sieve_require_cert: false

What log entries do you see during TLS authentication? Verify that this is
a server-side problem with imtest.

Dan White
