On 16. 9. 2010 23:48, Timo Sirainen wrote:
On 16.9.2010, at 22.20, Ing. Daniel RozsnyĆ³ wrote:
Sep 16 23:12:30 [dovecot] imap-login: Disconnected (no auth attempts): rip=192.168.77.202, lip=192.168.77.201, mpid=0, TLS handshaking: SSL_accept() failed: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate: SSL alert number 42 My guess: The upgrade changed/broke Dovecot's SSL certificates. doveconf -n output would have been useful.
The first line is temporal, for accessing emails on :143 (its over VPN so still secure).
~ $ dovecot -n # 2.0.2: /etc/dovecot/dovecot.conf # OS: Linux 2.6.35-gentoo-r6 i686 Gentoo Base System release 2.0.1 disable_plaintext_auth = no listen = * mail_location = maildir:~/.maildir passdb { args = * driver = pam } protocols = imap ssl_cert =
The files which are referred in SSL are:
-r-------- 1 root root 887 Nov 11 2009 server.key -r-------- 1 root root 1930 Nov 11 2009 server.pem
The KEY contains an rsa private key and PEM is a private key + certificate (no DH). These are the files which were used before and they have worked.
Trying to change their owner/group to dovecot:dovecot does not help, same error occurs. Renaming them or broking the filenames in ssl_cert/key results in different error:
doveconf: Fatal: Error in configuration file /etc/dovecot/conf.d/10-ssl.conf line 13: ssl_cert: Can't open file /etc/ssl/dovecot/server.pem: No such file or directory
Thats all. Other ideas? Regenerate the SSL key/certificate? Try other client?
Daniel