[Dovecot] Thunderbird STARTTLS error
Ken Stevenson
ken at allenmyland.com
Tue May 8 21:58:15 EEST 2012
I'm just learning about this, but I was able to get it working
recently. Also I haven't read your earlier posts.
Did you receive intermediate certificates from StartCom? When I got my
certificate, I had to concatenate together the contents of the
domain_name.crt file and the gd_bundle.crt file. That concatenated file
is the one I specify for ssl_cert_file. It has 4 certificates in it. I
ask because when I run the openssl command, my certificate chain has 4
sections where yours only has one.
Does your ssl.cert have the intermediate certificates in it?
On 2012-05-08 14:17, Markus Fritz wrote:
> Hello,
>
> the error is still present:
> May 8 19:47:18 opsys dovecot: imap-login: Disconnected (no auth
> attempts): rip=82.113.119.140, lip=78.46.216.126
>
> Whenever I start a session with openssl to STARTTTL (Server:
> mail.opsys.de) the handshake is successfull. Also I am able to login
> to my account via 1 login.
> In Thunderbird port 993 for SSL/TLS works correct, only STARTTLS on
> port 143 isn't working properly.
> The cert is Class 1 and signed by StartCom Ltd..
> Dovecot.conf (for viewable reasons of this mail pasted):
> http://pastie.org/private/bmrymyuo16ohzxdahf0nq
> And here openssl output:
> http://pastie.org/private/3rpgll2s7hblev9ozpcq8w
> Note the 'Verify return code: 21 (unable to verify the first
> certificate)' in the output...
>
> Thanks for helping, I am working on this problem since 3 days.
>
> Kind regards
>
> Markus Fritz
More information about the dovecot
mailing list