[Dovecot] Thunderbird STARTTLS error
Markus Fritz
markus at opsys.de
Wed May 9 16:05:20 EEST 2012
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Am 09.05.2012 14:32, schrieb Ken Stevenson:
>>
>> I got only this keys. Can you explain me what exactly you mean with
>> adding chains?
>> And I wonder why this error only occurs in Thunderbird, not in openssl.
>>
>
> Never mind, I don't think my first guess was correct. I wonder if it
has to do with the error 27 reported in the verify by openssl. According
to the manual, an error 27 means:
>
> "the root CA is not marked as trusted for the specified purpose."
>
> It looks like the certificate is valid cryptographically, but that it
wasn't certified for how you're using it.
>
> If I run:
>
> openssl x509 -in ssl.crt -noout -text
>
> The output includes the following:
>
> X509v3 Extended Key Usage:
> TLS Web Server Authentication, TLS Web Client Authentication
> X509v3 Key Usage: critical
> Digital Signature, Key Encipherment
>
> Does yours look different?
Mine looks like this:
X509v3 Basic Constraints:
CA:FALSE
X509v3 Key Usage:
Digital Signature, Key Encipherment, Key Agreement
X509v3 Extended Key Usage:
TLS Web Server Authentication
- --
Markus Fritz
Administration
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iQEcBAEBAgAGBQJPqmuQAAoJEINBXoxEgR1sshwIALPRc0ozkTms2z9q+wLo8nP4
ELA7OsIUYiRUbhO1WOvfUQ+Ltssw5WcmvDQdpiAEZBL92s3hLvGqiJxc4TjoF3Fd
lfar4OIQ/G2GMgzA9QeJu/EVMks29031RifSo2zkXnmTJMoTVAtsnRMc3UwIOTPV
0yDAXMZN7Ph4t5TbjJRk6Dox2PZj9qsixsOXb82ErE9TyaKT/p+Qdk2U/gvKWMUM
Himz4q6bWIpc5D+h1KKes27+HIHPWjFLE2OPKfF58vw1ws1dmYvwM14v3RRW9e1X
UYBZXcv5dIJHNXhkANgY/reWQjl3QU5JIalyU4S8MaF1OTr4Gr4SzsBBzY5eCd0=
=j6Vx
-----END PGP SIGNATURE-----
More information about the dovecot
mailing list