On Sep 14, 2013, at 3:28 PM, Daniel Reinhardt wrote:
Are you getting asked to add an exception to the email application's certificate dialogue box?
This is an example with Thunderbird.
http://jwrr.com/content/Hostgator-Thunderbird-Email-Configuration/images/thu...
No, it never gets to that point. Mail.app crashes right after I start it.
I am able to access this IMAP server with Thunderbird.
Dan
On Sat, Sep 14, 2013 at 7:21 PM, Dan Langille <dan@langille.org> wrote:
On Sep 13, 2013, at 9:55 PM, Noel Butler wrote:
On Fri, 2013-09-13 at 10:18 -0400, Dan Langille wrote:
Perhaps I am doing the chain incorrectly. I just tried again. The server is now set up with the following:
I have three certs in this chain file:
cat imaps.unixathome.org.pem sub.class1.server.ca.pem ca.pem > testing.chain.pem
1 - the certificate issued by startssl for my server
2 & 3 - the PEM files for StartSSL as found at http://www.startssl.com/certs/
That is the correct chain method, and order
$ openssl s_client -connect imaps.unixathome.org:993 -quiet
depth=2 /C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Certification Authority
verify error:num=19:self signed certificate in certificate chain
Never panic about the above, it is just indicating (rightly so) you have a local certificate (the first) in your chain.
ssl_cert = </usr/local/etc/ssl/imaps.unixathome.org.crt
ssl_key = </usr/local/etc/ssl/imaps.unixathome.org.nopassword.key
correct method, so long as the cert and key files are named correctly and in the right location.
ssl = required
Bit dangerous... and may be the cause of your problems, change to : ssl = yes
We use startssl and have many android, blackberry, and iphone users (maybe even win phone Lusers too ;) who knows) amongst desktop/laptop types and never had any problems with them using startssl
Hmmm, I tried ssl = yes. Mail.app still crashes when trying to connect.
I also tried the cert bundle mentioned by Johan.
The server says:
Sep 14 19:19:22 imaps dovecot: imap-login: Warning: SSL failed: where=0x2002: SSLv3 read client certificate A [173.49.195.214]
Sep 14 19:19:22 imaps dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=173.49.195.214, lip=199.233.228.197, TLS handshaking: Disconnected, session=<8+862VzmPwCtMcPW>
What is this… read client certificate? There is no client certification in this config.
: doveconf -n
# 2.2.5: /usr/local/etc/dovecot/dovecot.conf
# OS: FreeBSD 9.1-RELEASE-p6 amd64
auth_debug = yes
auth_verbose = yes
first_valid_gid = 1001
first_valid_uid = 1001
mail_debug = yes
mail_location = maildir:~/Maildir
mail_privileged_group = mail
passdb {
  args = scheme=BLF-CRYPT /var/db/dovecot.users
  driver = passwd-file
}
protocols = imap
service imap-login {
  inet_listener imap {
    port = 0
  }
  inet_listener imaps {
    address = 199.233.228.197
  }
}
ssl_cert = </usr/local/etc/ssl/testing.chain.pem
ssl_key = </usr/local/etc/ssl/imaps.unixathome.org.nopassword.key
userdb {
  args = /var/db/dovecot.users
  driver = passwd-file
}
verbose_proctitle = yes
verbose_ssl = yes
protocol imap {
  imap_client_workarounds = delay-newmail tb-extra-mailbox-sep
}
-- Dan Langille - http://langille.org
-- Daniel Reinhardt cryptodan@cryptodan.net http://www.cryptodan.net 301-875-7018(c) 410-455-0488(h)
-- Dan Langille - http://langille.org