Sorry...

openssl x509 -text -noout -in /etc/letsencrypt/live/...../fullchain.pem

and

openssl s_client -connect host:993

Aki

> On 25/05/2020 18:52 hanas...@gmail.com <hanas...@gmail.com> wrote:
>
>
> s_client: Option unknown option -trace
> ***
> x509: Unknown parameter text
>
>
> On 5/25/20 11:49 AM, Aki Tuomi wrote:
> > Hi!
> >
> > Can you do
> >
> > openssl x509 text -noout </etc/letsencrypt/live/...../fullchain.pem
> >
> > and check these things:
> >
> > your server hostname is included in SubjectAlternativeNames, and that the
> > cert hasn't got MUST-STAPLE attribute? You can see this by looking for
> > 1.3.6.1.5.5.7.1.24
> >
> > Also, can you provide output of
> >
> > openssl s_client -connect host:993 -trace
> >
> > Aki
> >
> >> On 25/05/2020 18:46 hanas...@gmail.com <hanas...@gmail.com> wrote:
> >>
> >>
> >> Hello Aki and all,
> >>
> >> The below lines are in the dovecot config file. This seems to be the
> >> same as Aki's suggestion. Correct? I have also double checked file
> >> perms, tried with several new key gens, several versions of thunderbird
> >> and created completely new thunderbird profiles.
> >>
> >> Thank you,
> >>
> >> ssl_cert = </etc/letsencrypt/live/...../fullchain.pem
> >> ssl_key = </etc/letsencrypt/live/...../privkey.pem
> >>
> >>
> >> On 5/25/20 11:11 AM, Aki Tuomi wrote:
> >>> The real reason is that you have misconfigured your cert. Alert 42 means
> >>> that the *client* considers *server* client untrusted.
> >>>
> >>> If you are using LE cert you should configure
> >>>
> >>> ssl_cert=</etc/letsencrypt/live/domain/fullchain.pem
> >>> ssl_key=</etc/letsencrypt/live/domain/privkey.pem
> >>>
> >>> Aki
> >>>
> >>>> On 25/05/2020 18:01 Hanasaki Jiji <hanas...@gmail.com> wrote:
> >>>>
> >>>>
> >>>> From the config : auth_ssl_require_client_cert = no
> >>>> GMail empty vcard ... I have no ideas. So sorry.
> >>>>
> >>>> Coding snippets. What can I provide for you that will help?
> >>>> NOTE: it is pretty much the default config from Debian.
> >>>>
> >>>> Thank you,
> >>>>
> >>>> On Sun, May 24, 2020 at 9:29 PM Benny Pedersen <m...@junc.eu> wrote:
> >>>>>
> >>>>> On 2020-05-25 02:54, hanas...@gmail.com wrote:
> >>>>>> Config has
> >>>>>> ssl_verify_client_cert = no
> >>>>>> What options might have the client auth turned on?
> >>>>>
> >>>>> why does gmail attach empty vcard info ?
> >>>>>
> >>>>> without any config snippets its hard to say what config error is local
> >>>>>
> >>>>> https://wiki.dovecot.org/SSL/DovecotConfiguration
> >>>>>
> >>>>> is it auth_ssl_require_client_cert = yes
> >>>>>
> >>>>> i don't use this auth features to make thunderbird work
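
The two certificate checks requested in the thread above (server hostname present in the SubjectAlternativeNames, no must-staple extension 1.3.6.1.5.5.7.1.24), as an added example that is not part of any message in the thread. It parses the text printed by `openssl x509 -text -noout`; the sample output, the example.org hostnames and all function names are constructed for illustration, and it assumes newer OpenSSL builds label the extension "TLS Feature" while older ones print the bare OID.

```python
import re

MUST_STAPLE_OID = "1.3.6.1.5.5.7.1.24"  # OID quoted in the thread

# Constructed, abridged sample of `openssl x509 -text -noout` output (not a real cert).
SAMPLE_TEXT = """\
Certificate:
    Data:
        Subject: CN = mail.example.org
        X509v3 extensions:
            X509v3 Subject Alternative Name: 
                DNS:mail.example.org, DNS:*.imap.example.org
            TLS Feature: 
                status_request
"""

def san_dns_names(text):
    """Return the DNS entries listed under the Subject Alternative Name extension."""
    lines = text.splitlines()
    for i, line in enumerate(lines):
        if "X509v3 Subject Alternative Name" in line and i + 1 < len(lines):
            return [n.lower() for n in re.findall(r"DNS:([^,\s]+)", lines[i + 1])]
    return []

def name_matches(pattern, host):
    """Exact match, or a wildcard that covers exactly one left-most label."""
    pattern, host = pattern.lower(), host.lower().rstrip(".")
    if pattern.startswith("*."):
        head, _, rest = host.partition(".")
        return bool(head) and rest == pattern[2:]
    return pattern == host

def has_must_staple(text):
    """True if the extension appears by name (assumed label) or as the bare OID."""
    return "TLS Feature" in text or MUST_STAPLE_OID in text

def check_cert_text(text, host):
    """Summarise both checks for one certificate dump and one server hostname."""
    names = san_dns_names(text)
    return {
        "san": names,
        "host_in_san": any(name_matches(n, host) for n in names),
        "must_staple": has_must_staple(text),
    }

if __name__ == "__main__":
    print(check_cert_text(SAMPLE_TEXT, "mail.example.org"))
```

With a fullchain.pem only the first certificate in the file is the server's own; `openssl x509` reads just that first one, which is the one these checks apply to.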