[Dovecot] Changing SSL certificates - switching from self-signed to RapidSSL

Charles Marcus CMarcus at Media-Brokers.com
Fri Apr 18 20:12:05 UTC 2014


On 4/18/2014 3:57 PM, Charles Marcus <CMarcus at Media-Brokers.com> wrote:
> Everything seems to be working, BUT... I'm now seeing some of these 
> errors, that were not showing up in the logs before:
>
> 2014-04-18T15:42:24-04:00 dinkumthinkum dovecot: imap-login: 
> Disconnected (no auth attempts in 0 secs): user=<>, TLS: SSL_read() 
> failed: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad 
> certificate: SSL alert number 42, rip=24.126.163.180, lport=143
> 2014-04-18T15:42:34-04:00 dinkumthinkum dovecot: imap-login: 
> Disconnected (no auth attempts in 0 secs): user=<>, TLS: SSL_read() 
> failed: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad 
> certificate: SSL alert number 42, rip=98.66.176.115, lport=143
>
> !2 total in the last 25 minutes since flipping the switch.
>
> and there have been two of these:
>
> 2014-04-18T15:54:07-04:00 dinkumthinkum dovecot: imap-login: 
> Disconnected (no auth attempts in 0 secs): user=<>, TLS handshaking: 
> SSL_accept() failed: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 
> alert bad certificate: SSL alert number 42, rip=99.14.24.224, lport=143
>
> Not a huge number, but enough to be concerning...

Ahh... I'm sure we have some older clients that are still configured to 
use a different hostname...

So, if the new certs are for mail.example.com, and a client tries to 
connect using a different hostname, like imap.example.com, would that 
result in these kinds of errors?



More information about the dovecot mailing list