tlsv1 alert unknown ca: SSL alert number 48
Maurizio Dall'Acqua
pi at lab2000-linux.homepc.it
Fri Jun 17 20:14:04 UTC 2016
I have tried all the suggestions up till now but the error message is still
there.
I have tried this configuaration for roundcube:
$config['imap_conn_options'] = array(
'ssl' => array(
'peer_name' => '<FQDN_OF_DOVECOT_CERTIFICATE>',
'verify_peer' => true,
'verify_depth' => 3,
// 'cafile' => '/dont/need/to/set/this/option',
),
);
and this one:
$config['imap_conn_options'] = array(
'ssl' => array(
'verify_peer' => false,
'verify_peer_name' => false,
),
);
and this one too:
$config['imap_conn_options'] = array(
'ssl' => array(
'verify_peer' => true,
'verify_depth' => 3,
'cafile' => '/path/to/my/self/signed/certificate.pem',
),
);
I'm at a loss :-(
On Fri, Jun 17, 2016 at 08:43:11AM +0200, Dr. Matthias Sitte wrote:
> Solution: Set 'peer_name' in the SSL stream context to the FQDN of the
> server certificate(s):
>
> // IMAP socket context options
> // See http://php.net/manual/en/context.ssl.php
> $config['imap_conn_options'] = array(
> 'ssl' => array(
> 'peer_name' => '<FQDN_OF_DOVECOT_CERTIFICATE>',
> 'verify_peer' => true,
> 'verify_depth' => 3,
> #'cafile' => '/dont/need/to/set/this/option',
> ),
> );
>
> // SMTP socket context options
> // See http://php.net/manual/en/context.ssl.php
> $config['smtp_conn_options'] = array(
> 'ssl' => array(
> 'peer_name' => '<FQDN_OF_POSTFIX_CERTIFICATE>',
> 'verify_peer' => true,
> 'verify_depth' => 3,
> #'cafile' => '/dont/need/to/set/this/option',
> ),
> );
>
> Works for me.
>
> On 2016-06-16 20:43, Maurizio Dall'Acqua wrote:
> >I think that you are right when you say that the problem may be the
> >certificate recognition.
> >
> >As for Roundcube, I've inserted the uncommented php code that you provided
> >in /usr/share/roundcube/main.inc.php.dist, which is the Raspbian file for
> >/config/defaults.inc.php. Unfortunately Roundcube doesn't login and
> >replies
> > with the message "connection to storage server failed". And the log file
> >of dovecot gives the reason: unknown certificate.
> >
> >In order to solve this problem do you think that I should look into the
> >configuration file of Squirrelmail/Roundcube or in the config file of
> >Dovecot?
> >
> >
> >On Wed, Jun 15, 2016 at 05:48:32PM -0400, Gedalya wrote:
> >>On 06/15/2016 04:26 PM, Maurizio Dall'Acqua wrote:
> >>> Hi,
> >>>
> >>> I have set up a mail server with postfix+dovecot 2.2.13 on my raspberry pi
> >>> running Raspbian Jassie OS.
> >>>
> >>> Now I would like to add an on-line e-mail client like Squirrelmail or
> >>> Roundcube. I was able to start up these two clients but when I try to login
> >>> I get this error message in the dovecot log:
> >>>
> >>> tlsv1 alert unknown ca: SSL alert number 48
> >>>
> >>> But I have inserted the self-signed certificate and key in
> >>> /etc/dovecot/conf.d/10-master.conf
> >>>
> >>> Moreover, I can send and receive e-mails from/to my server, and I can login
> >>> successfully to dovecot IMAP with Thunderbird.
> >>>
> >>> Can somebody give me a clue on how to solve this problem? Any help would me much
> >>> appreciated.
> >>>
> >>> Regards,
> >>> Maurizio
> >>
> >>This could mean that the client has indicated it was unable to verify
> >>the server's certificate.
> >>
> >>With regards to Roundcube, see this in config/defaults.inc.php:
> >>
> >>//$config['imap_conn_options'] = array(
> >>// 'ssl' => array(
> >>// 'verify_peer' => true,
> >>// 'verify_depth' => 3,
> >>// 'cafile' => '/etc/openssl/certs/ca.crt',
> >>// ),
> >>// );
> >>
> >>
More information about the dovecot
mailing list