After adding “<“ before ssl_ca file path, macOS mail client complained no more. Why do we need “<“ before file paths? — Necktwi
On 14-Feb-2022, at 12:33 PM, Aki Tuomi aki.tuomi@open-xchange.com wrote:
On 13/02/2022 11:26 necktwi necktwi@icloud.com wrote:
When trying to add mail account to the macOS mail client, I get following error
Feb 13 13:05:15 imap-login: Info: Disconnected: Connection closed: SSL_accept() failed: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown: SSL alert number 46 (no auth attempts in 0 secs): user=<>, rip=157.48.200.20, lip=192.168.1.101, TLS handshaking: SSL_accept() failed: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown: SSL alert number 46, session=<5mZDV+HXxK+dMMgU>
How to fix it?
— Necktwi
alert 46 means that you are not using fullchain cert in your ssl_cert.
The ssl_cert file should contain the cert followed by intermediate certs between the cert and root, so clients can form trust path to root.
Aki Tuomi