[Dovecot] TLS with autosigned certs
Is normal this info/error with autosigned certs?
Feb 14 20:25:47 pop3-login: Info: Disconnected (no auth attempts):ip=[127.0.0.1], port=[51243], protocol=pop3, TLS handshaking: SSL_accept() failed: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca: SSL alert number 48
I set on config a specific certs for pop3 protocol including key, cert and ca,
protocol pop3 { ssl_cert = </etc/ssl/pop3d.cert ssl_key = </etc/ssl/pop3d.key ssl_ca = </etc/ssl/ca.pem }
If I check as true confirmed on Thunderbird client, then, the error is no reported any more.
-- Antonio Pérez-Aranda Alcaide aperezaranda@yaco.es
Yaco Sistemas S.L. http://www.yaco.es/ C/ Rioja 5, 41001 Sevilla Teléfono +34 954 50 00 57 Fax +34 954 50 09 29
Is possible mute this error?
2011/2/14 Antonio Perez-Aranda <aperezaranda@yaco.es>:
Is normal this info/error with autosigned certs?
Feb 14 20:25:47 pop3-login: Info: Disconnected (no auth attempts):ip=[127.0.0.1], port=[51243], protocol=pop3, TLS handshaking: SSL_accept() failed: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca: SSL alert number 48
I set on config a specific certs for pop3 protocol including key, cert and ca,
protocol pop3 { ssl_cert = </etc/ssl/pop3d.cert ssl_key = </etc/ssl/pop3d.key ssl_ca = </etc/ssl/ca.pem }
If I check as true confirmed on Thunderbird client, then, the error is no reported any more.
-- Antonio Pérez-Aranda Alcaide aperezaranda@yaco.es
Yaco Sistemas S.L. http://www.yaco.es/ C/ Rioja 5, 41001 Sevilla Teléfono +34 954 50 00 57 Fax +34 954 50 09 29
-- Antonio Pérez-Aranda Alcaide aperezaranda@yaco.es
Yaco Sistemas S.L. http://www.yaco.es/ C/ Rioja 5, 41001 Sevilla Teléfono +34 954 50 00 57 Fax +34 954 50 09 29
Am 15.02.2011 09:59, schrieb Antonio Perez-Aranda:
Is possible mute this error?
2011/2/14 Antonio Perez-Aranda <aperezaranda@yaco.es>:
Is normal this info/error with autosigned certs?
Feb 14 20:25:47 pop3-login: Info: Disconnected (no auth attempts):ip=[127.0.0.1], port=[51243], protocol=pop3, TLS handshaking: SSL_accept() failed: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca: SSL alert number 48
I set on config a specific certs for pop3 protocol including key, cert and ca,
protocol pop3 { ssl_cert = </etc/ssl/pop3d.cert ssl_key = </etc/ssl/pop3d.key ssl_ca = </etc/ssl/ca.pem }
If I check as true confirmed on Thunderbird client, then, the error is no reported any more.
-- Antonio Pérez-Aranda Alcaide aperezaranda@yaco.es
Yaco Sistemas S.L. http://www.yaco.es/ C/ Rioja 5, 41001 Sevilla Teléfono +34 954 50 00 57 Fax +34 954 50 09 29
verbose_ssl=no
may help
-- Best Regards
MfG Robert Schetterer
Germany/Munich/Bavaria
On 15.2.2011, at 10.59, Antonio Perez-Aranda wrote:
Is possible mute this error?
2011/2/14 Antonio Perez-Aranda <aperezaranda@yaco.es>:
Is normal this info/error with autosigned certs?
Feb 14 20:25:47 pop3-login: Info: Disconnected (no auth attempts):ip=[127.0.0.1], port=[51243], protocol=pop3, TLS handshaking: SSL_accept() failed: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca: SSL alert number 48
That's not really an error.. It's a reason for why disconnection happened. Every time client gets disconnected a line such as this gets logged. So if that error was hidden, you would still get this line, just with a shorter reason for disconnection (e.g. would end with "TLS handshaking"). I don't really see a reason why the message should be made less detailed.
participants (3)
-
Antonio Perez-Aranda
-
Robert Schetterer
-
Timo Sirainen