[Dovecot] Client certificate verification/authentication
eizert
eizert at free.fr
Tue May 29 13:06:30 EEST 2007
I would like to use Client certificate verification/authentication.
My MTA used this function.
I have a problem making a valid certificate.
For my MTA I used:
openssl req -new -nodes -x509 -keyout user_key.pem -out user_req.pem -days 365
openssl ca -out user_signed.pem -infiles user_req.pem
openssl pkcs12 -in user_signed.pem -inkey user_key.pem -out user.p12 -export -name "user at hotsname"
user.p12 matches in my MTA.
Not in Dovecot...
In my log, I simply have:
dovecot: auth(default): Client didn't present valid SSL certificate
Also, in the documentation
The username is taken from the subject's DN's CommonName
<http://wiki.dovecot.org/CommonName> field (using OpenSSL's
X509_NAME_get_text_by_NID() function).
But when I used
openssl req -new -nodes -keyout user_key.pem -out user_req.pem -days 365
my common name is my hostname, not my username.
I don't think that the option -name user at hostname (in manpage openssl :: -name is friendly name)...
Sorry but it's ambiguous for me...
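
The documentation quoted above says the username comes from the subject's CommonName. As an added example (not part of the original post), the script below builds a throwaway CA with plain openssl commands, issues a client certificate whose CN is set explicitly with -subj, and reads the CN back out of the PKCS#12 file to show that the -name friendly name does not alter it. The CA name, the username "alice", the file names and the export password are assumptions.

```shell
#!/bin/sh
# Added example (constructed): throwaway CA plus a client certificate whose
# subject CN is the mail username. File names, "Demo Mail CA", "alice" and the
# export password are assumptions for illustration only.

make_ca() {                       # $1 = work dir
    openssl req -new -x509 -nodes -newkey rsa:2048 -days 365 \
        -subj "/CN=Demo Mail CA" \
        -keyout "$1/ca_key.pem" -out "$1/ca_cert.pem" 2>/dev/null
}

issue_client_cert() {             # $1 = work dir, $2 = username
    # No -x509 here: this writes a signing request, not a self-signed cert.
    # -subj fixes the CN instead of accepting the interactive default.
    openssl req -new -nodes -newkey rsa:2048 -subj "/CN=$2" \
        -keyout "$1/user_key.pem" -out "$1/user_req.pem" 2>/dev/null &&
    openssl x509 -req -in "$1/user_req.pem" -days 365 \
        -CA "$1/ca_cert.pem" -CAkey "$1/ca_key.pem" -CAcreateserial \
        -out "$1/user_signed.pem" 2>/dev/null
}

export_p12() {                    # $1 = work dir, $2 = friendly name
    # -name only labels the PKCS#12 bag; the certificate subject is untouched.
    openssl pkcs12 -export -in "$1/user_signed.pem" -inkey "$1/user_key.pem" \
        -name "$2" -passout pass:demo -out "$1/user.p12"
}

cert_cn() {                       # PEM certificate on stdin, prints its CN
    openssl x509 -noout -subject -nameopt multiline |
        sed -n 's/^ *commonName *= *//p'
}

p12_cn() {                        # $1 = work dir: CN of the cert in user.p12
    openssl pkcs12 -in "$1/user.p12" -nokeys -clcerts -passin pass:demo \
        2>/dev/null | cert_cn
}

chain_ok() {                      # $1 = work dir: does the CA verify the cert?
    openssl verify -CAfile "$1/ca_cert.pem" "$1/user_signed.pem" >/dev/null 2>&1
}

# Demo run in a scratch directory.
dir=$(mktemp -d) && make_ca "$dir" && issue_client_cert "$dir" alice &&
    export_p12 "$dir" "alice at mailhost" && chain_ok "$dir" &&
    echo "CN in PKCS#12: $(p12_cn "$dir")"
rm -rf "$dir"
```

The server side must be given the same CA certificate (ca_cert.pem here) for the chain check to succeed.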