SSL alert number 42
Aki Tuomi
aki.tuomi at open-xchange.com
Tue Nov 10 23:04:59 EET 2020
LetsEncrypt is not the worst.
> On 10/11/2020 23:02 Raymond Herrera <raymond at forcewise.com> wrote:
>
>
>
>
> That is good to know. I was working on the wrong assumption, attempting to create a client certificate on the Windows/Thunderbird side.
> I am using the SSL Certificate that comes with the distribution, so the conclusion is Thunderbird does not trust it.
> I have this in my notes from ages ago, for generating my own self-signed certificate:
> % openssl req -x509 -newkey rsa:4096 -sha256 -keyout openssl.key -out openssl.crt -days 600 -config san.cnf
> See attached the 2 errors that I am getting, one is from the distribution cert.
>
> Can a kind soul tell me the current way to do this in Linux?
> Perhaps I should use a free service? Which?
>
> TIA
>
> Raymond
>
>
>
> On 11/10/2020 2:20 PM, Aki Tuomi wrote:
>
> > > On 10/11/2020 19:17 Raymond Herrera <raymond at forcewise.com> wrote:
> > >
> > >
> > > This is a followup to my thread "Recommended Protocols?".
> > > The error message is as follows:
> > > dovecot: imap-login: Disconnected: TLS: SSL_read() failed: SSL routines:ssl3_read_bytes:sslv3 alert bad certificate: SSL alert number 42
> > >
> > > I have selected both SSL/TLS and STARTTLS on the Thunderbird side, with identical results.
> > >
> > > The first question that I have is this. Is there any way to know whether that error messages comes from an attempt to read:
> > >
> > > (a) The server SSL certificate?
> > > (b) The client SSL certificate?
> > > Please find attached 2 log files. I am essentially using the distribution files as they come from the box.
> > >
> > > TIA
> > >
> > >
> > >
> > While bit confusing, this actually means the client did not trust the server certificate. Usually because you forgot the chain certs from the cert file.
> >
> > Aki
> >
More information about the dovecot
mailing list