Hi, I'm running a new dovecot 2.0.9 under CentOS 6.4. I'm having an issue with the SSL certificate not being accepted by the email client. I have my own CA and I have generated certificates for web usage without a problem.
For imaps and pop3s what I did was generate a certificate for the hostname of my dovecot server and then cat that cert with the intermediate and root CA certificates. No matter what, Thunderbird still complains with Unknown identity.
# 2.0.9: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.32-358.2.1.el6.x86_64 x86_64 CentOS release 6.4 (Final)
auth_mechanisms = plain login
auth_socket_path = /var/run/dovecot/auth-userdb
auth_username_format = %n
disable_plaintext_auth = no
log_path = /var/log/dovecot.log
mail_fsync = never
mail_home = /vmail/%u
mail_location = maildir:~/Maildir
mail_plugins = quota
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date
mbox_write_locks = fcntl
passdb {
  driver = pam
}
plugin {
  quota = maildir:User quota
  quota_rule = *:storage=1G
  quota_rule2 = Trash:storage=+100M
  sieve = ~/.dovecot.sieve
  sieve_dir = ~/sieve
}
protocols = imap pop3 lmtp sieve
quota_full_tempfail = yes
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0660
    user = postfix
  }
  unix_listener auth-userdb {
    group = vmail
    mode = 0660
    user = vmail
  }
}
service lmtp {
  unix_listener lmtp {
    user = vmail
  }
}
service managesieve-login {
  inet_listener sieve {
    port = 4190
  }
}
service pop3-login {
  inet_listener pop3s {
    port = 995
    ssl = yes
  }
}
ssl_cert =
This is the log:
Jul 11 15:38:45 imap-login: Warning: SSL: where=0x10, ret=1: before/accept initialization [192.168.0.1]
Jul 11 15:38:45 imap-login: Warning: SSL: where=0x2001, ret=1: before/accept initialization [192.168.0.1]
Jul 11 15:38:45 imap-login: Warning: SSL: where=0x2002, ret=-1: SSLv2/v3 read client hello A [192.168.0.1]
Jul 11 15:38:45 imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 read client hello A [192.168.0.1]
Jul 11 15:38:45 imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write server hello A [192.168.0.1]
Jul 11 15:38:45 imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write certificate A [192.168.0.1]
Jul 11 15:38:45 imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write key exchange A [192.168.0.1]
Jul 11 15:38:45 imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write server done A [192.168.0.1]
Jul 11 15:38:45 imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 flush data [192.168.0.1]
Jul 11 15:38:45 imap-login: Warning: SSL: where=0x2002, ret=-1: SSLv3 read client certificate A [192.168.0.1]
Jul 11 15:38:45 imap-login: Warning: SSL: where=0x2002, ret=-1: SSLv3 read client certificate A [192.168.0.1]
Jul 11 15:38:45 imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 read client key exchange A [192.168.0.1]
Jul 11 15:38:45 imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 read finished A [192.168.0.1]
Jul 11 15:38:45 imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write session ticket A [192.168.0.1]
Jul 11 15:38:45 imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write change cipher spec A [192.168.0.1]
Jul 11 15:38:45 imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write finished A [192.168.0.1]
Jul 11 15:38:45 imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 flush data [192.168.0.1]
Jul 11 15:38:45 imap-login: Warning: SSL: where=0x20, ret=1: SSL negotiation finished successfully [192.168.0.1]
Jul 11 15:38:45 imap-login: Warning: SSL: where=0x2002, ret=1: SSL negotiation finished successfully [192.168.0.1]
Jul 11 15:38:45 imap-login: Warning: SSL alert: where=0x4004, ret=558: fatal certificate unknown [192.168.0.1]
Jul 11 15:38:45 imap-login: Warning: SSL alert: where=0x4008, ret=256: warning close notify [192.168.0.1]
Jul 11 15:38:45 imap-login: Info: Disconnected (no auth attempts): rip=192.168.0.1, lip=192.168.1.1, TLS: SSL_read() failed: error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate unknown: SSL alert number 46
Thx in advance
Peter