Frank Richter wrote:
| Hi,
| I've a cyrus-imapd 2.3.12 installation with these options in imapd.conf
|
| tls_cert_file: /etc/exim/etc/server.crt
| tls_key_file: /etc/exim/etc/server.key
| tls_ca_file: /etc/pki/tls/certs/ca-chain.crt
| tls_require_cert: 0
|
| SSL and STARTTLS are working fine.
|
| I've imported a personal S/MIME certificate to thunderbird. When
| connecting to the IMAP server (using STARTTLS), thunderbird asks me to
| select a client cert, showing (translated from German):
| This website (!) requires a certificate for identification ...
| Choose a certificate ...
|
| The server doesn't and shouldn't accept client certificates.
| So who is wrong? My configuration, thunderbird ...

If you don't want to do client authentication, why do you set
tls_ca_file at all?

If you really need a CA file with your server cert, you can include it
in your tls_cert_file. And you only need to do that if you have your
server cert signed by an intermediate CA and not a root certificate:

  ---------    --------------       --------
  |root CA| -> |intermediate| ->... |server|
  ---------    --------------       --------
  do not       include in           in
  include      tls_cert_file        tls_cert_file

Bye
Goetz

--
DMCA: The greed of the few outweighs the freedom of the many

----
Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html