Self-Signed Certificate issue

chaouche yacine yacinechaouche at
Sun Sep 25 10:19:12 UTC 2016

From: Darryl Baker <darryl.p.baker at>

 To: dovecot at 
 Sent: Friday, September 23, 2016 6:07 PM
 Subject: Self-Signed Certificate issue
I keep getting what I am interpreting as
a missing CA cert. The message is:

dovecot: imap-login: Error: SSL: Stacked error: error:14094418:SSL
routines:ssl3_read_bytes:tlsv1 alert unknown ca: SSL alert number 48

That's because your client doesn't know about the certificate *issuer* so it doesn't trust it (the certificate), it's not an *authority* (the A in CA). What you need to do is include the *issuer's* certificate in your server's. But even then, the issuer was yourself, and your are not trusted either on the client's side. So what you need to do is install the root certificate in the client's machine so that certificates signed with it are trusted. When root cert is trusted on the client side, it will trust the intermediate (issuer) certificate because it was signed by it, and trust the server's certificate because it was signed by the intermediate (this is why it's called a certificate *chain* which often has only one intermediate CA although many intermediates are possible).


More information about the dovecot mailing list