Re: How to make IMAPS SSL Cert for Dovecot that works with Thunderbird

Mon, 25 May 2020 08:49:48 -0700 

Hi!

Can you do

openssl x509 text -noout </etc/letsencrypt/live/...../fullchain.pem

and check these things:

your server hostname isn included in SubjectAlternativeNames, and that the cert 
hasn't got MUST-STAPLE attribute? You can see this by looking for 
1.3.6.1.5.5.7.1.24

Also, can you provide output of

openssl s_client -connect host:993 -trace

Aki

> On 25/05/2020 18:46 hanas...@gmail.com <hanas...@gmail.com> wrote:
> 
>  
> Hello Aki and all,
> 
> The below lines are in the dovecot config file.   This seems to be the 
> same as Aki's suggestion. correct?  I have also double checked file 
> perms, tried with several new key gens, several versions of thunderbird 
> and created completely new thunderbird profiles.
> 
> Thank you,
> 
> ssl_cert = </etc/letsencrypt/live/...../fullchain.pem
> ssl_key = </etc/letsencrypt/live/...../privkey.pem
> 
> 
> On 5/25/20 11:11 AM, Aki Tuomi wrote:
> > The real reason is that you have misconfigured your cert. Alert 42 means 
> > that the *client* consider *server* client untrusted.
> > 
> > If you are using LE cert you should configure
> > 
> > ssl_cert=</etc/letsencrypt/live/domain/fullchain.pem
> > ssl_key=</etc/letsencrypt/live/domain/privkey.pem
> > 
> > Aki
> > 
> >> On 25/05/2020 18:01 Hanasaki Jiji <hanas...@gmail.com> wrote:
> >>
> >>   
> >>  From the config : auth_ssl_require_client_cert = no
> >> GMail empty vcard ... I have no ideas . so sorry.
> >>
> >> Coding snippets.   What can I provide for you that will help?
> >> NOTE: it is pretty much the default  config from Debian.
> >>
> >> Thank you,
> >>
> >> On Sun, May 24, 2020 at 9:29 PM Benny Pedersen <m...@junc.eu> wrote:
> >>>
> >>> On 2020-05-25 02:54, hanas...@gmail.com wrote:
> >>>> Config has
> >>>>        ssl_verify_client_cert = no
> >>>> What options might have the client auth turned on?
> >>>
> >>> why does gmail attacht empty vcard info ?
> >>>
> >>> without any config snippes its hard to say what config error is local
> >>>
> >>> https://wiki.dovecot.org/SSL/DovecotConfiguration
> >>>
> >>> is it auth_ssl_require_client_cert = yes
> >>>
> >>> i dont use this auth features to make thunderbird work

Reply via email to