SSL alert number 42
Raymond Herrera
raymond at forcewise.com
Tue Nov 10 23:02:02 EET 2020
That is good to know. I was working on the wrong assumption, attempting
to create a client certificate on the Windows/Thunderbird side.
I am using the SSL Certificate that comes with the distribution, so the
conclusion is Thunderbird does not trust it.
I have this in my notes from ages ago, for generating my own self-signed
certificate:
% openssl req -x509 -newkey rsa:4096 -sha256 -keyout openssl.key -out
openssl.crt -days 600 -config san.cnf
See attached the 2 errors that I am getting, one is from the
distribution cert.
Can a kind soul tell me the current way to do this in Linux?
Perhaps I should use a free service? Which?
TIA
Raymond
On 11/10/2020 2:20 PM, Aki Tuomi wrote:
>> On 10/11/2020 19:17 Raymond Herrera<raymond at forcewise.com> wrote:
>>
>>
>> This is a followup to my thread "Recommended Protocols?".
>> The error message is as follows:
>> dovecot: imap-login: Disconnected: TLS: SSL_read() failed: SSL routines:ssl3_read_bytes:sslv3 alert bad certificate: SSL alert number 42
>>
>> I have selected both SSL/TLS and STARTTLS on the Thunderbird side, with identical results.
>>
>> The first question that I have is this. Is there any way to know whether that error messages comes from an attempt to read:
>>
>> (a) The server SSL certificate?
>> (b) The client SSL certificate?
>> Please find attached 2 log files. I am essentially using the distribution files as they come from the box.
>>
>> TIA
>>
>>
> While bit confusing, this actually means the client did not trust the server certificate. Usually because you forgot the chain certs from the cert file.
>
> Aki
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://dovecot.org/pipermail/dovecot/attachments/20201110/23898fdb/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenSSL Verify Errors.jpg
Type: image/jpeg
Size: 89192 bytes
Desc: not available
URL: <https://dovecot.org/pipermail/dovecot/attachments/20201110/23898fdb/attachment-0001.jpg>
More information about the dovecot
mailing list