Hi
I can connect from my mutt client box to my dovecot server after mkcert.sh has been run and the cert and key are in the correct location (according to the dovecot config file), and "enable_plaintext_authentication = no" is also in the dovecot.conf, as well as ssl = yes. Does this mean that user authentication is being performed by SSL, or just that SSL is protecting an interior protocol that performs its own authentication? What I'm trying to say is....
If I run:
Code:
#openssl s_client -quiet -connect my_dovecot_server.domain:993
I get this in response:
Code:
verify return:1
* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE AUTH=PLAIN AUTH=LOGIN] Dovecot ready.
What confused me was that I read somewhere that in an IMAPS connection the client sent the server a public key. I can connect from the mutt client host by typing my password. But, like I said before, is proper SSL authentication happening here? To get proper encrypted authentication and sessions, do you have to be your own CA (and give the client host a cert) or go to an official CA etc. etc., or does the response I received, and the fact that I can connect when enable_plaintext_authentication = no, indicate that I've already got these things? Or just one of them (authentication)? I will post my configs if necessary.
Since writing the first edit of this post I've come to understand this: The message I received indicates that I can offer secure IMAPS to clients. It doesn't protect my server from bogus clients logging in. To do that I think (not 100% sure) that I would have to be my own CA (use the CA.pl openssl script) and issue certs to my clients. Or go to an official CA and get a cert/chain of certs from them, then issue these certs to my clients. Or just offer IMAPS to internal clients and firewall the other IMAPS requests.
Please correct me if I'm wrong.
cheers
Thank you very much for shedding some light on the subject
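
Added example, not part of the original posts: a small Python parser for the greeting quoted above. It shows that AUTH=PLAIN and AUTH=LOGIN are password-based SASL mechanisms, so on port 993 the user is authenticated by a password carried inside the TLS session, whereas a client certificate identity would be advertised as SASL EXTERNAL. The second greeting is constructed for comparison, and the function names are hypothetical.

```python
import re

# SASL mechanisms that hand the user's password itself to the server.
# On port 993 they are only spoken after the TLS handshake has completed.
PASSWORD_MECHS = {"PLAIN", "LOGIN"}
# SASL EXTERNAL takes the identity from the lower layer (a TLS client cert).
EXTERNAL_MECH = "EXTERNAL"

GREETING_RE = re.compile(
    r"^\* (OK|PREAUTH|BYE)(?: \[CAPABILITY ([^\]]*)\])?", re.IGNORECASE)

def parse_greeting(line):
    """Return (status, capabilities) from an IMAP server greeting line."""
    m = GREETING_RE.match(line.strip())
    if not m:
        raise ValueError("not an IMAP greeting: %r" % line)
    return m.group(1).upper(), (m.group(2) or "").upper().split()

def auth_summary(line):
    """Summarise how the server expects users to authenticate."""
    status, caps = parse_greeting(line)
    mechs = {c[len("AUTH="):] for c in caps if c.startswith("AUTH=")}
    return {
        "status": status,
        "mechanisms": sorted(mechs),
        "password_mechanisms": sorted(mechs & PASSWORD_MECHS),
        # Only reflects SASL; the greeting cannot show whether the TLS
        # layer itself asked the client for a certificate.
        "sasl_external_offered": EXTERNAL_MECH in mechs,
        "login_command_disabled": "LOGINDISABLED" in caps,
    }

# Greeting exactly as quoted in the post.
POST_GREETING = ("* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS "
                 "ID ENABLE AUTH=PLAIN AUTH=LOGIN] Dovecot ready.")
# Constructed greeting (not from the post) that also offers EXTERNAL.
CONSTRUCTED_GREETING = "* OK [CAPABILITY IMAP4rev1 AUTH=PLAIN AUTH=EXTERNAL] ready."

if __name__ == "__main__":
    for greeting in (POST_GREETING, CONSTRUCTED_GREETING):
        print(auth_summary(greeting))
```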