On 7/11/2013 11:47 AM, Peter von Nostrand wrote:
Hi, I'm running a new dovecot 2.0.9 under CentOS 6.4. I'm having an issue with the SSL certificate not being accepted by the email client. I have my own CA and I have generated certificates for web usage without a problem.
For imaps and pop3s what I did was generate a certificate for the hostname of my dovecot server and then cat that cert with the intermediate and root CA certificates. No matter what, Thunderbird still complains with Unknown identity.
If you have access to a Unix / Linux system, you can use openssl with the s_client command to connect to your mail server, much as you would have done with telnet in the old days. openssl shows all of the key exchange in detail and should be more than enough for you to be able to debug your problem. Compare fingerprints of the keys you have stored with those being sent to/from the server.
Example:
openssl s_client -connect mail.mydomain.com:995
Dem
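
The fingerprint comparison suggested in the reply above can be scripted. The following is an added example, not part of the original message: the function names and file arguments are hypothetical. It relies on openssl x509 skipping any text before the first certificate in its input, so raw s_client output can be fed to it directly.

```shell
#!/bin/sh
# Added example: compare a stored certificate with the one a server presents.
# Function names and file arguments are illustrative assumptions.

# Print the SHA-256 fingerprint of the first certificate in a PEM stream
# read from stdin. Text before the first BEGIN line is skipped by openssl.
cert_fingerprint() {
    openssl x509 -noout -fingerprint -sha256 2>/dev/null | cut -d= -f2
}

# Count the certificates in a PEM stream on stdin. With -showcerts this is
# the leaf plus every intermediate the server actually sends.
count_certs() {
    grep -c -- '-----BEGIN CERTIFICATE-----' || true
}

# Capture what the server presents, e.g. fetch_served mail.mydomain.com:995
fetch_served() {
    openssl s_client -connect "$1" -showcerts </dev/null 2>/dev/null
}

# compare_fingerprints <stored-cert.pem> <captured-s_client-output>
# Returns 0 if the stored leaf matches the first certificate served,
# 1 if they differ, 2 if either input holds no readable certificate.
compare_fingerprints() {
    stored_fp=$(cert_fingerprint < "$1")
    served_fp=$(cert_fingerprint < "$2")
    [ -n "$stored_fp" ] && [ -n "$served_fp" ] || return 2
    [ "$stored_fp" = "$served_fp" ]
}

# Stand-alone use: script.sh <stored-cert.pem> <host:port>
if [ "$#" -eq 2 ]; then
    capture=$(mktemp)
    fetch_served "$2" > "$capture"
    echo "certificates sent by server: $(count_certs < "$capture")"
    if compare_fingerprints "$1" "$capture"; then
        echo "fingerprint match"
    else
        echo "fingerprint mismatch or no certificate read"
    fi
    rm -f "$capture"
fi
```

A certificate count of one for a server whose leaf was issued by an intermediate CA means the intermediate is not being sent, which clients that hold only the root cannot bridge.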