On 11.07.2013 20:47, Peter von Nostrand wrote:
I'm running a new dovecot 2.0.9 under CentOS 6.4. I'm having an issue with the SSL certificate not being accepted by the email client. I have my own CA and I have generated certificates for web usage without a problem.
For imaps and pop3s what I did was generate a certificate for the hostname of my dovecot server and then cat that cert with the intermediate and root CA certificates. No matter what, Thunderbird still complains with Unknown identity.
because thunderbird does not trust your own CA by default without importing it there by hand - you cannot expect to cat your CA to the cert for the server and that is enough to get trusted by the client - if so everybody would do this to make his DNS forgery successful
please do not post debug logs anywhere without being requested
This is the log:
Jul 11 15:38:45 imap-login: Warning: SSL: where=0x10, ret=1: before/accept initialization [192.168.0.1]
Jul 11 15:38:45 imap-login: Warning: SSL: where=0x2001, ret=1: before/accept initialization [192.168.0.1]
Jul 11 15:38:45 imap-login: Warning: SSL: where=0x2002, ret=-1: SSLv2/v3 read client hello A [192.168.0.1]
the below is clear because the client does not finish the TLS handshake
Jul 11 15:38:45 imap-login: Info: Disconnected (no auth attempts): rip=192.168.0.1, lip=192.168.1.1, TLS: SSL_read() failed: error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate unknown: SSL alert number 46
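
The trust point made in the reply, as an added example that is not part of the original message: a chain file that carries the private CA verifies only for a client that has that CA as its own trust anchor. The CA name, the hostname imap.example.test and all file names are constructed for the demo, and `openssl verify` stands in for the mail client's certificate check.

```shell
#!/usr/bin/env bash
# Added example. "Demo Root CA" and "imap.example.test" are constructed names.

# Build a throwaway root CA and a server certificate signed by it.
make_pki() {
  local dir=$1
  # Minimal config so the CA certificate is explicitly marked CA:TRUE.
  cat > "$dir/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
[dn]
CN = unused
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$dir/ca.cnf" \
    -subj "/CN=Demo Root CA" -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null
  openssl req -newkey rsa:2048 -nodes -config "$dir/ca.cnf" \
    -subj "/CN=imap.example.test" -keyout "$dir/srv.key" -out "$dir/srv.csr" 2>/dev/null
  openssl x509 -req -in "$dir/srv.csr" -CA "$dir/ca.crt" -CAkey "$dir/ca.key" \
    -CAcreateserial -days 1 -out "$dir/srv.crt" 2>/dev/null
  # What the server presents: the leaf followed by the CA certificate.
  cat "$dir/srv.crt" "$dir/ca.crt" > "$dir/chain.pem"
}

# Client that never imported the CA: the certificates sent by the server
# are only *untrusted* helpers for path building, never trust anchors.
verify_without_import() {
  openssl verify -untrusted "$1/chain.pem" "$1/srv.crt" >/dev/null 2>&1
}

# Client whose own trust store contains the CA (imported by hand).
verify_with_import() {
  openssl verify -CAfile "$1/ca.crt" -untrusted "$1/chain.pem" "$1/srv.crt" >/dev/null 2>&1
}

demo_dir=$(mktemp -d)
make_pki "$demo_dir"
if verify_without_import "$demo_dir"; then echo "CA not imported: accepted"
else echo "CA not imported: rejected"; fi
if verify_with_import "$demo_dir"; then echo "CA imported: accepted"
else echo "CA imported: rejected"; fi
rm -rf "$demo_dir"
```

The rejected case is the client-side counterpart of the `certificate unknown` alert (number 46) in the log above.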