SSL alert number 42
Raymond Herrera
raymond at forcewise.com
Wed Nov 11 01:10:15 EET 2020
I found out that the concatenation is simply text based here:
https://whatsmychaincert.com
And am making progress. This is the latest error message:
"dovecot: imap-login: TLS: SSL_read() failed: error:SSL
routines:ssl3_read_bytes:tlsv1 alert unknown ca: SSL alert number 48"
It seems that I need a cert with a better reputation?
I should follow Arjen's advice:
> In most cases, Letsencrypt will work just fine.
Either that, or fork a few bucks for a commercial SSL Certificate.
Raymond
On 11/10/2020 4:12 PM, Raymond Herrera wrote:
>
> This is what I did. I obtained a certificate from this site:
>
> https://www.sslforfree.com
>
> They provided 3 files:
> certificate.crt
> private.key
>
> which make perfect sense as replacement for the 2 files provided by
> the distribution. I am guessing that I need somehow to append the 3rd
> file (ca_bundle.crt) to the first one? In order to raise its credibility?
>
> TIA
>
>
> On 11/10/2020 2:20 PM, Aki Tuomi wrote:
>>> On 10/11/2020 19:17 Raymond Herrera<raymond at forcewise.com> wrote:
>>>
>>>
>>> This is a followup to my thread "Recommended Protocols?".
>>> The error message is as follows:
>>> dovecot: imap-login: Disconnected: TLS: SSL_read() failed: SSL routines:ssl3_read_bytes:sslv3 alert bad certificate: SSL alert number 42
>>>
>>> I have selected both SSL/TLS and STARTTLS on the Thunderbird side, with identical results.
>>>
>>> The first question that I have is this. Is there any way to know whether that error messages comes from an attempt to read:
>>>
>>> (a) The server SSL certificate?
>>> (b) The client SSL certificate?
>>> Please find attached 2 log files. I am essentially using the distribution files as they come from the box.
>>>
>>> TIA
>>>
>>>
>> While bit confusing, this actually means the client did not trust the server certificate. Usually because you forgot the chain certs from the cert file.
>>
>> Aki
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://dovecot.org/pipermail/dovecot/attachments/20201110/364fa9bd/attachment.html>
More information about the dovecot
mailing list