On 09.04.2018 02:37, David Mehler wrote:
what I'm wanting to do is tighten my tls verification options. My domains each use a different letsencrypt certificate.
Depending on your platform, you could do without any special Roundube configuration. With modern Linux distributions like Gentoo this works:
With that, Let's Encrypt is configured as a locally trusted CA for libssl, and in the Roundube configuration only
$config['default_host'] = 'ssl://imap.horus-it.com';
is then required, if you match the host name of your certificate. This method benefits any process on your server that uses libssl.
-Ralph
(*) See 'man 8 update-ca-certificates'.