Unable to connect from macOS mail client
When trying to add mail account to the macOS mail client, I get following error
Feb 13 13:05:15 imap-login: Info: Disconnected: Connection closed: SSL_accept() failed: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown: SSL alert number 46 (no auth attempts in 0 secs): user=<>, rip=157.48.200.20, lip=192.168.1.101, TLS handshaking: SSL_accept() failed: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown: SSL alert number 46, session=<5mZDV+HXxK+dMMgU>
How to fix it?
— Necktwi
On 13/02/2022 11:26 necktwi necktwi@icloud.com wrote:
When trying to add mail account to the macOS mail client, I get following error
Feb 13 13:05:15 imap-login: Info: Disconnected: Connection closed: SSL_accept() failed: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown: SSL alert number 46 (no auth attempts in 0 secs): user=<>, rip=157.48.200.20, lip=192.168.1.101, TLS handshaking: SSL_accept() failed: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown: SSL alert number 46, session=<5mZDV+HXxK+dMMgU>
How to fix it?
— Necktwi
alert 46 means that you are not using fullchain cert in your ssl_cert.
The ssl_cert file should contain the cert followed by intermediate certs between the cert and root, so clients can form trust path to root.
Aki Tuomi
After adding “<“ before ssl_ca file path, macOS mail client complained no more. Why do we need “<“ before file paths? — Necktwi
On 14-Feb-2022, at 12:33 PM, Aki Tuomi aki.tuomi@open-xchange.com wrote:
On 13/02/2022 11:26 necktwi necktwi@icloud.com wrote:
When trying to add mail account to the macOS mail client, I get following error
Feb 13 13:05:15 imap-login: Info: Disconnected: Connection closed: SSL_accept() failed: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown: SSL alert number 46 (no auth attempts in 0 secs): user=<>, rip=157.48.200.20, lip=192.168.1.101, TLS handshaking: SSL_accept() failed: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown: SSL alert number 46, session=<5mZDV+HXxK+dMMgU>
How to fix it?
— Necktwi
alert 46 means that you are not using fullchain cert in your ssl_cert.
The ssl_cert file should contain the cert followed by intermediate certs between the cert and root, so clients can form trust path to root.
Aki Tuomi
On Sat, 19 Feb 2022, necktwi wrote:
After adding “<“ before ssl_ca file path, macOS mail client complained no more. Why do we need “<“ before file paths? — Necktwi
Because the manual says so? :)
"The < is mandatory. It indicates that the variable should contain contents of the file, instead of the file name. Not using it will cause an error." (https://doc.dovecot.org/configuration_manual/dovecot_ssl_configuration/)
Or is it a rhetorical question?
So presumably the entire contents of the ssl public and/or private key could be included verbatim in the configuration file without the "<" input pipeline redirection symbol.
On February 19, 2022 5:25:15 AM AKST, Bernardo Reino reinob@bbmk.org wrote:
On Sat, 19 Feb 2022, necktwi wrote:
After adding “<“ before ssl_ca file path, macOS mail client complained no more. Why do we need “<“ before file paths? — Necktwi
Because the manual says so? :)
"The < is mandatory. It indicates that the variable should contain contents of the file, instead of the file name. Not using it will cause an error." (https://doc.dovecot.org/configuration_manual/dovecot_ssl_configuration/)
Or is it a rhetorical question?
Sent from my Android device with K-9 Mail. Please excuse my brevity.
participants (4)
-
Aki Tuomi
-
Bernardo Reino
-
justina colmena ~biz
-
necktwi