On 19/12/2024 13:17, Marc via dovecot wrote:
What is the best way to get rid of this message? I think clients
start
generating after ssl crt update.
This usually means you forgot to use fullchain cert. This is coming
from
clients telling you they don't like your certificate.
openssl s_client -connect xxxxxxxxx:143 -starttls imap
this returns
Verify return code: 0 (ok)
Should I test this differently?
Even if I check on the host directly
[@ certs]# openssl verify xxxxx.crt
/xxxx.crt: OK
Well, can't really say much since you're not really providing any
details.
I don't seem to get any more details with verbose_ssl=yes. How can I see what
cert/ssl-config this could be? I have still some old configs, maybe some
clients use that.
_______________________________________________
Why not just look at your ssl_cert parameter in 10-ssl.conf and then
inspect the file it points to. Does it have a single certificate or more
than one?
Are you expecting to need a chain/intermediate certificate?
_______________________________________________
dovecot mailing list -- dovecot@dovecot.org
To unsubscribe send an email to dovecot-le...@dovecot.org
