Self-Signed Certificate issue

Darryl Baker darryl.p.baker at
Sun Sep 25 18:19:42 UTC 2016

Building a new certificate as described in a previous email worked.

*Darryl Baker*

On Sun, Sep 25, 2016 at 5:19 AM, chaouche yacine <yacinechaouche at>

> *From:* Darryl Baker <darryl.p.baker at>
> *To:* dovecot at
> *Sent:* Friday, September 23, 2016 6:07 PM
> *Subject:* Self-Signed Certificate issue
> I keep getting what I am interpreting as
> a missing CA cert. The message is:
> dovecot: imap-login: Error: SSL: Stacked error: error:14094418:SSL
> routines:ssl3_read_bytes:tlsv1 alert unknown ca: SSL alert number 48
> That's because your client doesn't know about the certificate *issuer* so
> it doesn't trust it (the certificate), it's not an *authority* (the A in
> CA). What you need to do is include the *issuer's* certificate in your
> server's. But even then, the issuer was yourself, and your are not trusted
> either on the client's side. So what you need to do is install the root
> certificate in the client's machine so that certificates signed with it are
> trusted. When root cert is trusted on the client side, it will trust the
> intermediate (issuer) certificate because it was signed by it, and trust
> the server's certificate because it was signed by the intermediate (this is
> why it's called a certificate *chain* which often has only one intermediate
> CA although many intermediates are possible).

More information about the dovecot mailing list