How to make IMAPS SSL Cert for Dovecot that works with Thunderbird

Aki Tuomi aki.tuomi at open-xchange.com
Mon May 25 18:55:17 EEST 2020


Sorry...

openssl x509 -text -noout -in /etc/letsencrypt/live/...../fullchain.pem

and

openssl s_client -connect host:993

Aki

> On 25/05/2020 18:52 hanasaki at gmail.com <hanasaki at gmail.com> wrote:
> 
>  
> s_client: Option unknown option -trace
> ***
> x509: Unknown parameter text
> 
> 
> On 5/25/20 11:49 AM, Aki Tuomi wrote:
> > Hi!
> > 
> > Can you do
> > 
> > openssl x509 text -noout </etc/letsencrypt/live/...../fullchain.pem
> > 
> > and check these things:
> > 
> > your server hostname is included in SubjectAlternativeNames, and that the cert hasn't got MUST-STAPLE attribute? You can see this by looking for 1.3.6.1.5.5.7.1.24
> > 
> > Also, can you provide output of
> > 
> > openssl s_client -connect host:993 -trace
> > 
> > Aki
> > 
> >> On 25/05/2020 18:46 hanasaki at gmail.com <hanasaki at gmail.com> wrote:
> >>
> >>   
> >> Hello Aki and all,
> >>
> >> The below lines are in the dovecot config file.   This seems to be the
> >> same as Aki's suggestion. correct?  I have also double checked file
> >> perms, tried with several new key gens, several versions of thunderbird
> >> and created completely new thunderbird profiles.
> >>
> >> Thank you,
> >>
> >> ssl_cert = </etc/letsencrypt/live/...../fullchain.pem
> >> ssl_key = </etc/letsencrypt/live/...../privkey.pem
> >>
> >>
> >> On 5/25/20 11:11 AM, Aki Tuomi wrote:
> >>> The real reason is that you have misconfigured your cert. Alert 42 means that the *client* considers *server* client untrusted.
> >>>
> >>> If you are using LE cert you should configure
> >>>
> >>> ssl_cert=</etc/letsencrypt/live/domain/fullchain.pem
> >>> ssl_key=</etc/letsencrypt/live/domain/privkey.pem
> >>>
> >>> Aki
> >>>
> >>>> On 25/05/2020 18:01 Hanasaki Jiji <hanasaki at gmail.com> wrote:
> >>>>
> >>>>    
> >>>>   From the config : auth_ssl_require_client_cert = no
> >>>> GMail empty vcard ... I have no ideas . so sorry.
> >>>>
> >>>> Coding snippets.   What can I provide for you that will help?
> >>>> NOTE: it is pretty much the default  config from Debian.
> >>>>
> >>>> Thank you,
> >>>>
> >>>> On Sun, May 24, 2020 at 9:29 PM Benny Pedersen <me at junc.eu> wrote:
> >>>>>
> >>>>> On 2020-05-25 02:54, hanasaki at gmail.com wrote:
> >>>>>> Config has
> >>>>>>         ssl_verify_client_cert = no
> >>>>>> What options might have the client auth turned on?
> >>>>>
> >>>>> why does gmail attach empty vcard info ?
> >>>>>
> >>>>> without any config snippets it's hard to say what config error is local
> >>>>>
> >>>>> https://wiki.dovecot.org/SSL/DovecotConfiguration
> >>>>>
> >>>>> is it auth_ssl_require_client_cert = yes
> >>>>>
> >>>>> I don't use this auth features to make thunderbird work
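
Added example, not part of any message in this thread: a shell function that reads `openssl x509 -text -noout` output and runs the two checks Aki asks for (server hostname in SubjectAlternativeNames, no MUST-STAPLE extension 1.3.6.1.5.5.7.1.24). The function names, the example.org hostnames and the sample certificate text are constructed; matching `TLS Feature` assumes newer OpenSSL builds print the extension under that name instead of the raw OID.

```shell
#!/bin/sh
# Added example; check_cert_text and sample_cert_text are made-up names.
# Usage: openssl x509 -text -noout -in fullchain.pem | check_cert_text HOST
# Exit status: 0 ok, +1 host not in subjectAltName, +2 must-staple present.
check_cert_text() {
    host=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    text=$(cat)
    rc=0

    # The SAN entries are printed on the line after the extension name.
    sans=$(printf '%s\n' "$text" |
        awk '/X509v3 Subject Alternative Name/ { getline; print; exit }' |
        tr ',' '\n' | sed -n 's/^ *DNS://p' | tr '[:upper:]' '[:lower:]')

    matched=no
    while read -r name; do
        case "$name" in
            "$host") matched=yes ;;
            '*.'*)
                # A wildcard stands for exactly one left-most label.
                rest=${host#*.}
                if [ "$rest" != "$host" ] && [ "*.$rest" = "$name" ]; then
                    matched=yes
                fi ;;
        esac
    done <<EOF
$sans
EOF
    if [ "$matched" = no ]; then
        echo "FAIL: $host is not in subjectAltName"
        rc=$((rc + 1))
    fi

    # Older OpenSSL prints the raw OID; newer builds print "TLS Feature".
    if printf '%s\n' "$text" | grep -Eq '1\.3\.6\.1\.5\.5\.7\.1\.24|TLS Feature'; then
        echo "FAIL: certificate has the must-staple extension"
        rc=$((rc + 2))
    fi
    if [ "$rc" -eq 0 ]; then echo "OK: $host covered, no must-staple"; fi
    return "$rc"
}

# Constructed excerpt of `openssl x509 -text -noout` output.
sample_cert_text() {
    cat <<'EOF'
            X509v3 Subject Alternative Name: 
                DNS:example.org, DNS:*.example.org
            1.3.6.1.5.5.7.1.24: 
                0....
EOF
}
```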

