On 11.07.2013 20:47, Peter von Nostrand wrote:
> I'm running a new dovecot 2.0.9 under Centos 6.4. I'm having an issue with
> SSL certificate not being accepted by the email client.
> I have my own CA and I have generated certificates for web usage without a
> problem.
>
> For imaps and pop3s what I did was generate a certificate for the hostname
> of my dovecot server and then cat that cert with the intermediate and root
> CA certificates. No matter what thunderbird still complains with Unknown
> identity.

because thunderbird does not trust your own CA by default without importing it there by hand - you can not expect to cat your CA to the cert for the server and that is enough to get trusted by the client - if so everybody would do this to make his DNS forgery successful

please do not post debug logs anywhere without being requested

> This is the log:
> Jul 11 15:38:45 imap-login: Warning: SSL: where=0x10, ret=1:
> before/accept initialization [192.168.0.1]
> Jul 11 15:38:45 imap-login: Warning: SSL: where=0x2001, ret=1:
> before/accept initialization [192.168.0.1]
> Jul 11 15:38:45 imap-login: Warning: SSL: where=0x2002, ret=-1: SSLv2/v3
> read client hello A [192.168.0.1]

the below is clear because the client does not finish the TLS handshake

> Jul 11 15:38:45 imap-login: Info: Disconnected (no auth attempts):
> rip=192.168.0.1, lip=192.168.1.1, TLS: SSL_read() failed:
> error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate
> unknown: SSL alert number 46
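Added example, not part of the original message: a small Python filter that decodes the packed OpenSSL error code in dovecot login lines like the one quoted above and reports the clients that aborted the handshake because they rejected the server certificate. The function names are hypothetical, the code assumes the OpenSSL 1.0.x `error:XXXXXXXX:` format seen in this log, and the second sample line is constructed for contrast.

```python
import re

# TLS alert descriptions (RFC 5246, section 7.2) a client sends when it
# rejects the certificate presented by the server.
CERT_REJECTION_ALERTS = {
    42: "bad_certificate", 43: "unsupported_certificate",
    44: "certificate_revoked", 45: "certificate_expired",
    46: "certificate_unknown", 48: "unknown_ca",
}

ERR_RE = re.compile(r"error:([0-9A-Fa-f]{8}):")   # packed OpenSSL error code
RIP_RE = re.compile(r"\brip=([0-9A-Fa-f.:]+)")    # remote (client) address

def decode_openssl_error(code_hex):
    """Split a packed OpenSSL 1.0.x error code into (lib, func, reason)."""
    code = int(code_hex, 16)
    return (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF

def classify(line):
    """Return (client_ip, alert_name) if the peer rejected our certificate."""
    m = ERR_RE.search(line)
    if not m:
        return None
    lib, _func, reason = decode_openssl_error(m.group(1))
    # Library 0x14 is libssl; reason 1000 + n means "peer sent TLS alert n".
    alert = reason - 1000
    if lib != 0x14 or alert not in CERT_REJECTION_ALERTS:
        return None
    rip = RIP_RE.search(line)
    return (rip.group(1) if rip else None, CERT_REJECTION_ALERTS[alert])

def rejected_clients(lines):
    """All (client_ip, alert_name) hits in an iterable of log lines."""
    return [hit for hit in map(classify, lines) if hit]

# First entry: the disconnect line from the quoted log, unwrapped.
# Second entry: constructed sample of an ordinary disconnect.
SAMPLE_LOG = [
    "Jul 11 15:38:45 imap-login: Info: Disconnected (no auth attempts): "
    "rip=192.168.0.1, lip=192.168.1.1, TLS: SSL_read() failed: "
    "error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate "
    "unknown: SSL alert number 46",
    "Jul 11 15:40:02 imap-login: Info: Disconnected (no auth attempts): "
    "rip=192.168.0.7, lip=192.168.1.1, TLS: Disconnected",
]

if __name__ == "__main__":
    for ip, alert in rejected_clients(SAMPLE_LOG):
        print(f"{ip}: client rejected the server certificate ({alert})")
```

A hit from this filter means the fix belongs on the client side (importing the private CA into the client's trust store), not in the server's certificate file.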