SSL alert number 42

Raymond Herrera raymond at forcewise.com
Tue Nov 10 23:02:02 EET 2020 

That is good to know. I was working on the wrong assumption, attempting 
to create a client certificate on the Windows/Thunderbird side.

I am using the SSL Certificate that comes with the distribution, so the 
conclusion is Thunderbird does not trust it.

I have this in my notes from ages ago, for generating my own self-signed 
certificate:

% openssl req -x509 -newkey rsa:4096 -sha256 -keyout openssl.key -out 
openssl.crt -days 600 -config san.cnf

See attached the 2 errors that I am getting, one is from the 
distribution cert.

Can a kind soul tell me the current way to do this in Linux?

Perhaps I should use a free service? Which?

TIA

Raymond


On 11/10/2020 2:20 PM, Aki Tuomi wrote:
>> On 10/11/2020 19:17 Raymond Herrera<raymond at forcewise.com>  wrote:
>>
>>
>> This is a followup to my thread "Recommended Protocols?".
>> The error message is as follows:
>>   dovecot: imap-login: Disconnected: TLS: SSL_read() failed: SSL routines:ssl3_read_bytes:sslv3 alert bad certificate: SSL alert number 42
>>
>> I have selected both SSL/TLS and STARTTLS on the Thunderbird side, with identical results.
>>
>> The first question that I have is this. Is there any way to know whether that error messages comes from an attempt to read:
>>   
>>   (a) The server SSL certificate?
>>   (b) The client SSL certificate?
>> Please find attached 2 log files. I am essentially using the distribution files as they come from the box.
>>
>> TIA
>>
>>
> While bit confusing, this actually means the client did not trust the server certificate. Usually because you forgot the chain certs from the cert file.
>
> Aki
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://dovecot.org/pipermail/dovecot/attachments/20201110/23898fdb/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenSSL Verify Errors.jpg
Type: image/jpeg
Size: 89192 bytes
Desc: not available
URL: <https://dovecot.org/pipermail/dovecot/attachments/20201110/23898fdb/attachment-0001.jpg>

More information about the dovecot mailing list