[Dovecot] Thunderbird STARTTLS error

Markus Fritz markus at opsys.de
Wed May 9 12:32:18 EEST 2012


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
 
Am 08.05.2012 20:58, schrieb Ken Stevenson:
> I'm just learning about this, but I was able to get it working
recently. Also I haven't read your earlier posts.
>
> Did you receive intermediate certificates from StartCom? When I got my
certificate, I had to concatenate together the contents of the
domain_name.crt file and the gd_bundle.crt file. That concatenated file
is the one I specify for ssl_cert_file. It has 4 certificates in it. I
ask because when I run the openssl command, my certificate chain has 4
sections where yours only has one.
>
> Does your ssl.cert have the intermediate certificates in it?
>
> On 2012-05-08 14:17, Markus Fritz wrote:
>> Hello,
>>
>> the error is still present:
>> May 8 19:47:18 opsys dovecot: imap-login: Disconnected (no auth
>> attempts): rip=82.113.119.140, lip=78.46.216.126
>>
>> Whenever I start a session with openssl to STARTTTL (Server:
>> mail.opsys.de) the handshake is successfull. Also I am able to login
>> to my account via 1 login.
>> In Thunderbird port 993 for SSL/TLS works correct, only STARTTLS on
>> port 143 isn't working properly.
>> The cert is Class 1 and signed by StartCom Ltd..
>> Dovecot.conf (for viewable reasons of this mail pasted):
>> http://pastie.org/private/bmrymyuo16ohzxdahf0nq
>> And here openssl output: http://pastie.org/private/3rpgll2s7hblev9ozpcq8w
>> Note the 'Verify return code: 21 (unable to verify the first
>> certificate)' in the output...
>>
>> Thanks for helping, I am working on this problem since 3 days.
>>
>> Kind regards
>>
>> Markus Fritz
>

I got only this keys. Can you explain me what exactly you mean with
adding chains?
And I wonder why this error only occurs in Thunderbird, not in openssl.

- -- 
Markus Fritz
Administration

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
 
iQEcBAEBAgAGBQJPqjmiAAoJEINBXoxEgR1s+moIAJMfHRtIRC1JrBno8bbRxVuR
Yc1xx196N80DFzzMD9+G77SXO0gJqmbzD5KjFwllt3JxtTr3XFIjKhutW8mEcLh2
EU65CH9TCWByXkzQSoFGTGKwdX7OKG4doSm7MZuQtpV6jVmZrIOs6GEFD+cApWy/
I1aWfKqK7b6S8bYRqw57hlNsuYxv6kB4w1t+IC9wMHbx5ULNWmZwxL2O/TWBnv2c
qEbu8bkHIhebNq9NdEGGWZnAd36Kv3Ji231HjgD/WhQjcnF2LNzHIQ4B11xRiOBC
LzYN8RLi4iOuloSHLlylNmob/bgAwxL8AdESo5n+1SwYDBcRy1CllEbD+QYSUoc=
=Cjg6
-----END PGP SIGNATURE-----




More information about the dovecot mailing list