Am 09.01.2012 10:37, schrieb Simon Loewenthal:
On 09/01/12 10:27, Robert Schetterer wrote:
Am 09.01.2012 10:16, schrieb J4K:
Morning everyone,
On the 8th of Jan the TLS/SSL certificate I use with Dovecot expired. I replaced it with a new on the 9th of Jan. I tested this with Thunderbird and all is well.
This morning people tell me they cannot get their email using their mobile telephones : K9 Mail
I have reverted the SSL cert back to the old one just in case. Thunderbird will works.
Dovecot 1:1.2.15-7 running on Debian 6
The messages in the logs are:
Jan 9 10:11:37 logout dovecot: imap-login: Disconnected (no auth attempts): rip=90.131.95.130, lip=88.119.95.13, TLS: Disconnected Jan 9 10:11:38 logout dovecot: imap-login: Disconnected (no auth attempts): rip=90.131.95.130, lip=88.119.95.13, TLS: Disconnected
In dovecot.conf I have this set :
disable_plaintext_auth = no
And the auth default mechanisms are set to: mechanisms = plain login
What is strange is the only item that changed is the SSL cert, which has since been changed back to the old one (which has expired... ^^).
Any ideas where I may look or change?
Regards, S if you only changed the crt etc, and youre sure you did everything right
perhaps you have forgot adding a needed intermediate cert ?
read here http://www.trustico.co.uk/install/how-to-install-ssl-certificate.php
Required Intermediate Certificates (CA Certificates)
To successfully install your SSL Certificate you may be required to install an Intermediate CA Certificate. Please review the above installation instructions carefully to determine if an Intermediate CA Certificate is required, how to obtain it and correctly import it into your system. For more information please Contact Us. Alternatively, and for systems not covered by the above installation instructions, please use our Intermediate Certificate Wizard to find the correct CA Certificate or Root Bundle that is required for your SSL Certificate to function correctly. Find Out More Information I know that the intermediate certs are messed up, which is why I rolled back to the old expired certificate. I did not expect an expired certificate to block authentication, and it does not mean that it does block. The problem may be elsewhere.
that might be a k9 problem ( older versions ) or in android older versions, is there a ignore ssl failure option as workaround
what does thunderbird tell you about the new cert ?
but for sure the problem may elsewhere
-- PGP is optional: 4BA78604 simon @ klunky . org simon @ klunky . co.uk I won't accept your confidentiality agreement, and your Emails are kept. ~Ö¿Ö~
-- Best Regards
MfG Robert Schetterer
Germany/Munich/Bavaria