I'm just learning about this, but I was able to get it working
recently. Also I haven't read your earlier posts.
Did you receive intermediate certificates from StartCom? When I got my
certificate, I had to concatenate together the contents of the
domain_name.crt file and the gd_bundle.crt file. That concatenated file
is the one I specify for ssl_cert_file. It has 4 certificates in it. I
ask because when I run the openssl command, my certificate chain has 4
sections where yours only has one.
Does your ssl.cert have the intermediate certificates in it?
On 2012-05-08 14:17, Markus Fritz wrote:
Hello,
the error is still present:
May 8 19:47:18 opsys dovecot: imap-login: Disconnected (no auth
attempts): rip=82.113.119.140, lip=78.46.216.126
Whenever I start a session with openssl to STARTTTL (Server:
mail.opsys.de) the handshake is successfull. Also I am able to login
to my account via 1 login.
In Thunderbird port 993 for SSL/TLS works correct, only STARTTLS on
port 143 isn't working properly.
The cert is Class 1 and signed by StartCom Ltd..
Dovecot.conf (for viewable reasons of this mail pasted):
http://pastie.org/private/bmrymyuo16ohzxdahf0nq
And here openssl output:
http://pastie.org/private/3rpgll2s7hblev9ozpcq8w
Note the 'Verify return code: 21 (unable to verify the first
certificate)' in the output...
Thanks for helping, I am working on this problem since 3 days.
Kind regards
Markus Fritz
