I found out that the concatenation is simply text based here:
And am making progress. This is the latest error message:
"dovecot: imap-login: TLS: SSL_read() failed: error:SSL
routines:ssl3_read_bytes:tlsv1 alert unknown ca: SSL alert number
48"
It seems that I need a cert with a better reputation?
I should follow Arjen's advice:
> In most cases, Letsencrypt will work just fine.
Either that, or fork a few bucks for a commercial SSL Certificate.
Raymond
This is what I did. I obtained a certificate from this site:
They provided 3 files:
certificate.crt
private.keywhich make perfect sense as replacement for the 2 files provided by the distribution. I am guessing that I need somehow to append the 3rd file (ca_bundle.crt) to the first one? In order to raise its credibility?
TIA
On 11/10/2020 2:20 PM, Aki Tuomi wrote:
On 10/11/2020 19:17 Raymond Herrera <raymond@forcewise.com> wrote: This is a followup to my thread "Recommended Protocols?". The error message is as follows: dovecot: imap-login: Disconnected: TLS: SSL_read() failed: SSL routines:ssl3_read_bytes:sslv3 alert bad certificate: SSL alert number 42 I have selected both SSL/TLS and STARTTLS on the Thunderbird side, with identical results. The first question that I have is this. Is there any way to know whether that error messages comes from an attempt to read: (a) The server SSL certificate? (b) The client SSL certificate? Please find attached 2 log files. I am essentially using the distribution files as they come from the box. TIAWhile bit confusing, this actually means the client did not trust the server certificate. Usually because you forgot the chain certs from the cert file. Aki