[Dovecot] SSL stops working after server upgrade
"Ing. Daniel Rozsnyó"
daniel at rozsnyo.com
Fri Sep 17 01:00:06 EEST 2010
On 16. 9. 2010 23:48, Timo Sirainen wrote:
> On 16.9.2010, at 22.20, Ing. Daniel Rozsnyó wrote:
>
>> Sep 16 23:12:30 [dovecot] imap-login: Disconnected (no auth attempts): rip=192.168.77.202, lip=192.168.77.201, mpid=0, TLS handshaking: SSL_accept() failed: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate: SSL alert number 42
> My guess: The upgrade changed/broke Dovecot's SSL certificates. doveconf -n output would have been useful.
>
The first line is temporary, for accessing emails on :143 (it's over VPN
so still secure).
~ $ dovecot -n
# 2.0.2: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.35-gentoo-r6 i686 Gentoo Base System release 2.0.1
disable_plaintext_auth = no
listen = *
mail_location = maildir:~/.maildir
passdb {
args = *
driver = pam
}
protocols = imap
ssl_cert = </etc/ssl/dovecot/server.pem
ssl_key = </etc/ssl/dovecot/server.key
userdb {
driver = passwd
}
verbose_ssl = yes
The files which are referred to in the SSL settings are:
-r-------- 1 root root 887 Nov 11 2009 server.key
-r-------- 1 root root 1930 Nov 11 2009 server.pem
The KEY contains an RSA private key and PEM is a private key +
certificate (no DH). These are the files which were used before and they
have worked.
Trying to change their owner/group to dovecot:dovecot does not help,
the same error occurs. Renaming them or breaking the filenames in
ssl_cert/key results in a different error:
doveconf: Fatal: Error in configuration file
/etc/dovecot/conf.d/10-ssl.conf line 13: ssl_cert: Can't open file
/etc/ssl/dovecot/server.pem: No such file or directory
That's all. Other ideas? Regenerate the SSL key/certificate? Try another
client?
Daniel
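
Added example, not part of the original message: a shell check of the two files named in ssl_cert and ssl_key, reporting whether the first holds a certificate, whether that certificate's public key matches the private key, and whether the certificate is still within its validity period. The function names and the throwaway self-signed pair are assumptions made for illustration; only the openssl command-line tool is required.

```shell
#!/bin/sh
# Added example; pem_blocks, check_pair and make_sample are hypothetical helper names.

# Print the type of every PEM block in a file, one per line
# (e.g. "PRIVATE KEY", "CERTIFICATE").
pem_blocks() {
    sed -n 's/^-----BEGIN \(.*\)-----$/\1/p' "$1"
}

# check_pair CERT_FILE KEY_FILE
# Returns 0 if the pair is usable, 1 if CERT_FILE holds no readable
# certificate, 2 if the key is unreadable or does not match the
# certificate, 3 if the certificate has expired.
check_pair() {
    cert=$1 key=$2
    pem_blocks "$cert" | grep -qx 'CERTIFICATE' || return 1
    # openssl x509 picks the certificate block even when a key precedes it.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 2
    [ "$cert_pub" = "$key_pub" ] || return 2
    # -checkend 0 fails when notAfter is already in the past.
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1 || return 3
    return 0
}

# Constructed sample input: a throwaway self-signed pair in directory $1,
# laid out like the files in the post (server.pem = private key + certificate),
# plus an unrelated key to exercise the mismatch case.
make_sample() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj '/CN=mail.example.test' \
        -keyout "$d/server.key" -out "$d/cert.pem" >/dev/null 2>&1 || return 1
    cat "$d/server.key" "$d/cert.pem" > "$d/server.pem"
    openssl genrsa -out "$d/other.key" 2048 >/dev/null 2>&1
}
```

On a real host the call would be `check_pair /etc/ssl/dovecot/server.pem /etc/ssl/dovecot/server.key`, run as a user that can read both files.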