[Dovecot] Changing SSL certificates - switching from self-signed to RapidSSL
Charles Marcus
CMarcus at Media-Brokers.com
Fri Apr 18 20:12:05 UTC 2014
On 4/18/2014 3:57 PM, Charles Marcus <CMarcus at Media-Brokers.com> wrote:
> Everything seems to be working, BUT... I'm now seeing some of these
> errors, that were not showing up in the logs before:
>
> 2014-04-18T15:42:24-04:00 dinkumthinkum dovecot: imap-login:
> Disconnected (no auth attempts in 0 secs): user=<>, TLS: SSL_read()
> failed: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad
> certificate: SSL alert number 42, rip=24.126.163.180, lport=143
> 2014-04-18T15:42:34-04:00 dinkumthinkum dovecot: imap-login:
> Disconnected (no auth attempts in 0 secs): user=<>, TLS: SSL_read()
> failed: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad
> certificate: SSL alert number 42, rip=98.66.176.115, lport=143
>
> !2 total in the last 25 minutes since flipping the switch.
>
> and there have been two of these:
>
> 2014-04-18T15:54:07-04:00 dinkumthinkum dovecot: imap-login:
> Disconnected (no auth attempts in 0 secs): user=<>, TLS handshaking:
> SSL_accept() failed: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3
> alert bad certificate: SSL alert number 42, rip=99.14.24.224, lport=143
>
> Not a huge number, but enough to be concerning...
Ahh... I'm sure we have some older clients that are still configured to
use a different hostname...
So, if the new certs are for mail.example.com, and a client tries to
connect using a different hostname, like imap.example.com, would that
result in these kinds of errors?
More information about the dovecot
mailing list