Thanks Markus and Oscar...
On 4/18/2014 3:29 PM, Markus Schönhaber dovecot@list-post.mks-mail.de wrote:
Aside from the missing indirection (use ... =
Yeah, the < was in the config, dunno how it got stripped from my post - or maybe I manually typed those - yeah, I think I did...
Instead, cat your new server certificate together with the CA certificates into one file and point ssl_cert to this file (see "Chained SSL certificates" in http://wiki2.dovecot.org/SSL/DovecotConfiguration ).
Ok, did that and made the config change and restarted dovecot.
Everything seems to be working, BUT... I'm now seeing some of these errors, that were not showing up in the logs before:
2014-04-18T15:42:24-04:00 dinkumthinkum dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, TLS: SSL_read() failed: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate: SSL alert number 42, rip=24.126.163.180, lport=143 2014-04-18T15:42:34-04:00 dinkumthinkum dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, TLS: SSL_read() failed: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate: SSL alert number 42, rip=98.66.176.115, lport=143
!2 total in the last 25 minutes since flipping the switch.
and there have been two of these:
2014-04-18T15:54:07-04:00 dinkumthinkum dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, TLS handshaking: SSL_accept() failed: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate: SSL alert number 42, rip=99.14.24.224, lport=143
Not a huge number, but enough to be concerning...
Could this just be from cached junk from some clients, and they will resolve themselves over time?
--
Best regards,
Charles Marcus I.T. Director Media Brokers International, Inc. 678.514.6224 | 678.514.6299 fax