Thunderbird can't connect to Dovecot (bad certificate: SSL alert number 42)
Goetz Schultz
dovecot.expire1225 at suelze.de
Sun Sep 18 10:52:50 UTC 2022
On 18/09/2022 11:09, Stuart Henderson wrote:
> On 2022-09-14, Goetz Schultz <dovecot.expire1225 at suelze.de> wrote:
>> I had the same issue on TB102. Self-Signed certificates rejected despite
>> having the CA installed correctly as authority. Turns out that
>> TB now wants extension "Subject Alt Names". Added that and all works
>> now. Seems another Google pressed issue being introduced (my Chromium
>> had same issues and rejected certs before I added SAN).
>
> It's not just a "Google pressed issue".
Seems I was hasty in blaming .....
[..]
>
> Practically this means you need to make sure that if you use self-
> signed or internal CA certificates you include subjectAlternativeName
> otherwise they won't work with some client software. If you use public
> CA-signed certs you typically don't need to do this yourself because
> the CA adds SAN if missing from the CSR (their only other option is
> to reject issuance).
>
Thanks for the elaboration. I have it now under control to sign certs
that have a SAN in the CSR.
Thanks and regards
Goetz R Schultz
---------------->8----------------
Quis custodiet ipsos custodes?
 /"\
 \ /   ASCII Ribbon Campaign
  X    against HTML e-mail
 / \
----------------8<----------------
This message is transmitted on 100% recycled electrons.
Unsigned message - no responsibility that content is not altered
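
What the thread describes, as an added example that is not from either poster: an internal CA issues one certificate without and one with subjectAlternativeName, and `san_covers` checks whether a certificate lists a hostname as a SAN DNS entry. The hostname `mail.example.test`, the file names and the helper functions are assumptions made for illustration, and the `openssl` command-line tool is assumed to be installed.

```shell
# Added example: every name, path and hostname here is a constructed placeholder.

# write_cfg DIR HOST: minimal OpenSSL config with a CA section and a SAN section.
write_cfg() {
    cat > "$1/openssl.cnf" <<EOF
[req]
distinguished_name = dn
[dn]
[v3_ca]
basicConstraints = critical,CA:TRUE
[san]
subjectAltName = DNS:$2
EOF
}

# make_ca DIR: throwaway internal CA (key plus self-signed CA certificate).
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -config "$1/openssl.cnf" \
        -extensions v3_ca -subj "/CN=Example Internal CA" \
        -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null
}

# issue DIR NAME HOST [san]: CSR for HOST signed by the CA in DIR (DIR without spaces).
# With "san" the SAN goes into the CSR (-reqexts) and into the certificate
# (-extfile); "openssl x509 -req" does not copy CSR extensions by default.
issue() {
    dir=$1 name=$2 host=$3 reqopt="" signopt=""
    if [ "$4" = san ]; then
        reqopt="-reqexts san"
        signopt="-extfile $dir/openssl.cnf -extensions san"
    fi
    openssl req -new -newkey rsa:2048 -nodes -config "$dir/openssl.cnf" $reqopt \
        -subj "/CN=$host" -keyout "$dir/$name.key" -out "$dir/$name.csr" 2>/dev/null
    openssl x509 -req -in "$dir/$name.csr" -CA "$dir/ca.pem" -CAkey "$dir/ca.key" \
        -CAcreateserial -days 30 $signopt -out "$dir/$name.pem" 2>/dev/null
}

# san_names CERT: print the DNS names in CERT's subjectAltName, one per line.
san_names() {
    openssl x509 -in "$1" -noout -text |
        grep -A1 'X509v3 Subject Alternative Name' |
        tail -n 1 | tr ',' '\n' | sed -n 's/^ *DNS://p'
}

# san_covers CERT HOST: succeed only if HOST is listed as a SAN DNS entry.
# Exact string match; wildcard entries are not expanded.
san_covers() {
    san_names "$1" | grep -qxF "$2"
}
```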