SSL alert number 42
Arjen de Korte
build+dovecot at de-korte.org
Wed Nov 11 00:14:57 EET 2020
Quoting Raymond Herrera <raymond at forcewise.com>:
> That is good to know. I was working on the wrong assumption,
> attempting to create a client certificate on the Windows/Thunderbird
> side.
>
> I am using the SSL Certificate that comes with the distribution, so
> the conclusion is Thunderbird does not trust it.
>
> I have this in my notes from ages ago, for generating my own
> self-signed certificate:
>
> % openssl req -x509 -newkey rsa:4096 -sha256 -keyout openssl.key
> -out openssl.crt -days 600 -config san.cnf
>
> See attached the 2 errors that I am getting, one is from the
> distribution cert.
I recommend you stay clear of self-signed certificates if the number
of users is greater than one, unless there is a very specific need to
use them. Setting up multiple systems to trust your self-signed
certificate is no fun when you need to aid people in setting up their
systems to trust it.
> Can a kind soul tell me the current way to do this in Linux?
>
> Perhaps I should use a free service? Which?
In most cases, Let's Encrypt will work just fine. Do remember to set up
auto renewal for your certificate(s) and make sure you trigger your
systems to reload them upon renewal. You wouldn't be the first to
forget about the latter.
> TIA
>
> Raymond
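
The failure mode named in the reply above, a renewed certificate that the server never reloaded, can be caught by comparing the certificate on disk with the one the server presents. This is an added example, not part of the original message or of Dovecot itself; it assumes openssl and doveadm are installed, and the certificate path, host name and port 993 are placeholders.

```shell
#!/bin/sh
# Added example: detect a renewed certificate that Dovecot has not loaded yet.
# Assumptions: openssl and doveadm are installed, IMAPS listens on port 993,
# and the path and host name in the usage line are placeholders.

# Reduce "sha256 Fingerprint=AB:CD:.." (label case differs between OpenSSL
# versions) to bare lowercase hex so two fingerprints compare reliably.
normalize_fp() {
    printf '%s\n' "$1" | sed -e 's/^.*=//' -e 's/://g' | tr 'A-F' 'a-f'
}

# Fingerprint of the first certificate in a PEM file on disk.
disk_fp() {
    normalize_fp "$(openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null)"
}

# Fingerprint of the leaf certificate the running server presents.
served_fp() {
    normalize_fp "$(openssl s_client -connect "$1:$2" -servername "$1" \
        </dev/null 2>/dev/null |
        openssl x509 -noout -fingerprint -sha256 2>/dev/null)"
}

# Exit 0 when the two fingerprints differ, i.e. the server is stale.
is_stale() {
    [ "$(normalize_fp "$1")" != "$(normalize_fp "$2")" ]
}

# Reload Dovecot only when it serves something other than the file on disk.
# Returns 2 when either fingerprint cannot be obtained.
check_and_reload() {
    cert=$1 host=$2 port=${3:-993}
    on_disk=$(disk_fp "$cert")
    served=$(served_fp "$host" "$port")
    if [ -z "$on_disk" ] || [ -z "$served" ]; then
        echo "cannot read certificate from $cert or $host:$port" >&2
        return 2
    fi
    if is_stale "$on_disk" "$served"; then
        echo "stale certificate on $host:$port, reloading dovecot" >&2
        doveadm reload
    fi
}

# Usage from cron or a renewal hook (placeholder values):
#   check_and_reload /path/to/fullchain.pem mail.example.org 993
```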