Re: [Dovecot] Dovecot SSL issues

29 Jan 2010

      Spyros Tsiolis wrote:
...
* Trying protocol imap/ssl, Port 993:

      ERROR - The server returned the following error message:

      SECURITY PROBLEM: insecure server advertised AUTH=PLAINCertificate failure for localhost: self signed certificate:
      /C=GR/ST=Kerkyra/L=Kerkyra/O=The Company Name/OU=IMAP
      server/CN=webmail.thecompanyname.gr/emailAddress=postmaster@webmail.thecompanyname.gr
From what I understand, it doesn't like the certificate.
However, I've followed a howto document step-by-step and did what
is documented.
The webmail connects to server 'localhost', but the SSL certificate that
is presented, does not contain hostname 'localhost', but
'webmail.thecompanyname.gr'.
This error is harmless, but you could setup dovecot to listen for both
ssl and non-ssl connections, and setup your webmail to use the non-ssl
connection: ssl over localhost is probably a waste of cpu cycles.
...
Now, if I click on "Get Mail" button on top of the TB window, I get a
pop-up window with the following message :

Server :
Location : :993
Certificate Status :
This site attempts to identify itself with invalid information.
Wrong Site :
Certificate belongs to a different site, which could indicate an
identity theft.
This is the same issue as above: you instruct the client to connect to
host '1.2.3.4', but the SSL certificate does not contain '1.2.3.4', but
'webmail.thecompanyname.gr'. TB tells you about this.
The name in the certificate (CN) must match the hostname that is used to
connect to by the client. When you tell your client to connect to
'imap.thecompanyname.gr', use a certificate that contains
'imap.thecompanyname.gr' as the CN.
...
Unknown Identity :
Certificate is not trusted, because it hasn't been verified by a
recognized authority.
You use a self-segned certificate, and not one that is bought from a
'trusted' certificate authority.
...

You cannot log in to  because you have enabled
secure authentication and this serer does not support it.
To log in, turn off secure authentication for this account.
Try to unset "CHECK_ON : Use secure authentication" in thunderbird. This
has no use since you are already sending your password over ssl.
--
Regards,
Tom

Re: [Dovecot] Dovecot SSL issues

Tom Hendrikx

Unknown Identity : Certificate is not trusted, because it hasn't been verified by a recognized authority.

You cannot log in to because you have enabled secure authentication and this serer does not support it. To log in, turn off secure authentication for this account.