[Dovecot] Thunderbird STARTTLS error

Ken Stevenson ken at allenmyland.com
Wed May 9 15:32:52 EEST 2012


>
> I got only this keys. Can you explain me what exactly you mean with
> adding chains?
> And I wonder why this error only occurs in Thunderbird, not in 
> openssl.
>

Never mind, I don't think my first guess was correct. I wonder if it 
has to do with the error 27 reported in the verify by openssl. According 
to the manual, an error 27 means:

"the root CA is not marked as trusted for the specified purpose."

It looks like the certificate is valid cryptographically, but that it 
wasn't certified for how you're using it.

If I run:

openssl x509 -in ssl.crt -noout -text

The output includes the following:

             X509v3 Extended Key Usage:
                 TLS Web Server Authentication, TLS Web Client 
Authentication
             X509v3 Key Usage: critical
                 Digital Signature, Key Encipherment

Does yours look different?



More information about the dovecot mailing list