[Dovecot] SSL_accept failed
Timothy Martin
instanttim at mac.com
Sun Sep 10 02:24:37 EEST 2006
So thunderbird actually seems to work fine, but Mail.app doesn't. I
get the warning from thunderbird about the self-signed cert, but
mail.app doesn't give me any warning at all. I'm used to getting the
warning from Mail.app when i use my courier imap server... which
works just fine with my self-signed certs.
Do you think it makes a difference how you created the cert? Over the
years i've found two different ways to do it. One way involves making
the CA cert and creating a CSR and it's many many steps. But
alternatively I found that I can normally do it in a single step like
so:
openssl req -x509 -newkey rsa:2048 -keyout private/dovecot.key -out
certs/dovecot.cert -days 365 -nodes
But admittedly, despite reading many a source on certs and ssl I
really don't understand the finer points of it.
.tim
On Sep 9, 2006, at 10:55am, OpenMacNews wrote:
> i'm running dovecot on OSX, but have previously had _similar_ troubles
> that, eventually, turned out to be borked certs.
>
> have you checked/verified the certs?
>
> if not, take a look with:
>
> (1) another server, if you have it
> (2) mulberry MUA (mulberrymail.com) or thunderbird. both have nice
> cert view capabilities. simply dunno if Mail.app does -- i don't
> use it
> (3) check your certs with, e.g.:
>
> openssl verify -verbose -issuer_checks -purpose sslserver -CAfile
> 'my_CA_CERT' 'my_SVR_CERT'
>
> fwiw, there's a useful reference starting point here:
>
> "Certificate Management and Installation with OpenSSL"
> http://gagravarr.org/writing/openssl-certs/
More information about the dovecot
mailing list