I found out that the concatenation is simply text based here:
And am making progress. This is the latest error message:
"dovecot: imap-login: TLS: SSL_read() failed: error:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca: SSL alert number 48"
It seems that I need a cert with a better reputation?
I should follow Arjen's advice:
In most cases, Letsencrypt will work just fine.
Either that, or fork a few bucks for a commercial SSL Certificate.
Raymond
On 11/10/2020 4:12 PM, Raymond Herrera wrote:
This is what I did. I obtained a certificate from this site:
They provided 3 files: certificate.crt private.key
which make perfect sense as replacement for the 2 files provided by the distribution. I am guessing that I need somehow to append the 3rd file (ca_bundle.crt) to the first one? In order to raise its credibility?
TIA
On 11/10/2020 2:20 PM, Aki Tuomi wrote:
On 10/11/2020 19:17 Raymond Herreraraymond@forcewise.com wrote:
This is a followup to my thread "Recommended Protocols?". The error message is as follows: dovecot: imap-login: Disconnected: TLS: SSL_read() failed: SSL routines:ssl3_read_bytes:sslv3 alert bad certificate: SSL alert number 42
I have selected both SSL/TLS and STARTTLS on the Thunderbird side, with identical results.
The first question that I have is this. Is there any way to know whether that error messages comes from an attempt to read:
(a) The server SSL certificate? (b) The client SSL certificate? Please find attached 2 log files. I am essentially using the distribution files as they come from the box.
TIA
While bit confusing, this actually means the client did not trust the server certificate. Usually because you forgot the chain certs from the cert file.
Aki