> | Hi,
> | I've a cyrus-imapd 2.3.12 installation with these options in imapd.conf
> |
> | tls_cert_file: /etc/exim/etc/server.crt
> | tls_key_file: /etc/exim/etc/server.key
> | tls_ca_file: /etc/pki/tls/certs/ca-chain.crt
> | tls_require_cert: 0
> |
> | SSL and STARTTLS are working fine.
> |
> | I've imported a personal S/MIME certificate to thunderbird. When
> | connecting to the IMAP server (using STARTTLS), thunderbird asks me to
> | select a client cert, showing (translated from German):
> | This website (!) requires a certificate for identification ...
> | Choose a certificate ...
> |
> | The server doesn't and shouldn't accept client certificates.
> | So who is wrong? My configuration, thunderbird ...
>
> If you don't want to do client authentication, why do you set
> tls_ca_file at all ?
>
> If you really need a CA file with your server cert,
> you can include it in your tls_cert_file.
> And you only need to do that if you have your server
> cert signed by an intermediate CA and not a root
> certificate:
>
>  ---------    --------------        --------
>  |root CA| -> |intermediate| ->...  |server|
>  ---------    --------------        --------
>  do not       include in            in
>  include      tls_cert_file         tls_cert_file

Thanks, but ...

I did this - not defining a tls_ca_file, and adding my CA chain to
tls_cert_file. I'm getting the same behavior - Thunderbird is asking
for a client cert.

And the log entry:
TLS server engine: No CA file specified. Client side certs may not work

Regards,
Frank

-- 
E-Mail: Frank.Richter@xxxxxxxxxxxxxxxxxx   http://www.tu-chemnitz.de/~fri/
Work: Computing Services, Chemnitz University of Technology, Germany
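
One way to check from the client side whether the server really sends a TLS CertificateRequest during STARTTLS, as an added example that is not part of the original messages: the function below classifies a saved `openssl s_client -msg` transcript. The function name, the host name in the comment and the sample transcripts are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify a saved `openssl s_client -msg` transcript (stdin).
# Capture one with (imap.example.org is a placeholder host):
#   openssl s_client -connect imap.example.org:143 -starttls imap -msg \
#       </dev/null >transcript.txt 2>&1
# In -msg output, lines starting with "<<<" are messages received from the server.
# Output:
#   requested-with-ca-names  CertificateRequest seen, acceptable CA names listed
#   requested-no-ca-names    CertificateRequest seen, CA name list empty
#   not-requested            no CertificateRequest in the handshake
classify_cert_request() {
    awk '
        /^<<<.*CertificateRequest/                { req = 1 }
        /^Acceptable client certificate CA names/ { names = 1 }
        END {
            if (req && names) print "requested-with-ca-names"
            else if (req)     print "requested-no-ca-names"
            else              print "not-requested"
        }'
}

# Constructed transcripts (abridged, not captured from a real server).
sample_with_ca() { cat <<'EOF'
<<< TLS 1.0 Handshake [length 004a], ServerHello
<<< TLS 1.0 Handshake [length 0050], CertificateRequest
<<< TLS 1.0 Handshake [length 0004], ServerHelloDone
---
Acceptable client certificate CA names
/C=XX/O=Example Org/CN=Example Intermediate CA
EOF
}
sample_empty_ca() { cat <<'EOF'
<<< TLS 1.0 Handshake [length 004a], ServerHello
<<< TLS 1.0 Handshake [length 0008], CertificateRequest
<<< TLS 1.0 Handshake [length 0004], ServerHelloDone
---
No client certificate CA names sent
EOF
}
sample_no_request() { cat <<'EOF'
<<< TLS 1.0 Handshake [length 004a], ServerHello
<<< TLS 1.0 Handshake [length 0004], ServerHelloDone
---
No client certificate CA names sent
EOF
}

for s in sample_with_ca sample_empty_ca sample_no_request; do
    printf '%s: %s\n' "$s" "$($s | classify_cert_request)"
done
```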