[Dovecot] problems with imaps
Matthias Leopold
matthias at aic.at
Fri Feb 22 18:21:38 EET 2013
Am 2013-02-22 17:02, schrieb Daniel Luttermann:
> On 2013-02-22, Matthias Leopold wrote:
>
>> with thunderbird 10.0.12 i can't connect to port 993 and get errors in
>> the logs like
>
>> TLS: SSL_read() failed: error:14094412:SSL
>> routines:SSL3_READ_BYTES:sslv3 alert bad certificate
>
>> (certificate generated by dovecot mkcert.sh)
>
>> or
>
>> TLS: SSL_read() failed: error:14094418:SSL
>> routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
>
>> (certificate generated by own openssl cmdline)
>
> Did you create a Root CA certificate? If not, I would prefer to create
> your own CA and sign all certs with this Root CA certificate. You'll
> have to import the created Root CA certificate in Thunderbird and/or
> the Microsoft Certificate Store so that the applications can trust the
> self signed certificates.
>
> You could also use a free Certificate Authority like StartSSL but the
> Root CA certificate must also be available in the certificate store of
> the application (Thunderbird, MS, Opera...).
>
> --
> Daniel
>
>
thx, but this is not an option as this server is used by our customers
who won't be willing to import this CA certificate. i know about the
limitations of self signed certificates and i think it's ok for a user
to import an "unsecure" certificate once. after all this does work for
starttls and works for some clients with imaps. i didn't find any hint
that i can't use self signed certificates for imaps/pops
matthias
More information about the dovecot
mailing list