tlsv1 alert unknown ca: SSL alert number 48

Dr. Matthias Sitte matthias at familie-sitte.org
Fri Jun 17 06:43:11 UTC 2016


Solution: Set 'peer_name' in the SSL stream context to the FQDN of the 
server certificate(s):

// IMAP socket context options
// See http://php.net/manual/en/context.ssl.php
$config['imap_conn_options'] = array(
   'ssl' => array(
     'peer_name' => '<FQDN_OF_DOVECOT_CERTIFICATE>',
     'verify_peer' => true,
     'verify_depth' => 3,
     #'cafile' => '/dont/need/to/set/this/option',
   ),
);

// SMTP socket context options
// See http://php.net/manual/en/context.ssl.php
$config['smtp_conn_options'] = array(
   'ssl' => array(
     'peer_name' => '<FQDN_OF_POSTFIX_CERTIFICATE>',
     'verify_peer' => true,
     'verify_depth' => 3,
     #'cafile' => '/dont/need/to/set/this/option',
   ),
);

Works for me.

On 2016-06-16 20:43, Maurizio Dall'Acqua wrote:
> I think that you are right when you say that the problem may be the
> certificate recognition.
> 
> As for Roundcube, I've inserted the uncommented php code that you provided
> in /usr/share/roundcube/main.inc.php.dist, which is the Raspbian file for
> /config/defaults.inc.php. Unfortunately Roundcube doesn't login and replies
> with the message "connection to storage server failed". And the log file
> of dovecot gives the reason: unknown certificate.
> 
> In order to solve this problem do you think that I should look into the
> configuration file of Squirrelmail/Roundcube or in the config file of
> Dovecot?
> 
> 
> On Wed, Jun 15, 2016 at 05:48:32PM -0400, Gedalya wrote:
>> On 06/15/2016 04:26 PM, Maurizio Dall'Acqua wrote:
>> > Hi,
>> >
>> > I have set up a mail server with postfix+dovecot 2.2.13 on my raspberry pi
>> > running Raspbian Jessie OS.
>> >
>> > Now I would like to add an on-line e-mail client like Squirrelmail or
>> > Roundcube. I was able to start up these two clients but when I try to login
>> > I get this error message in the dovecot log:
>> >
>> > tlsv1 alert unknown ca: SSL alert number 48
>> >
>> > But I have inserted the self-signed certificate and key in
>> > /etc/dovecot/conf.d/10-master.conf
>> >
>> > Moreover, I can send and receive e-mails from/to my server, and I can login
>> > successfully to dovecot IMAP with Thunderbird.
>> >
>> > Can somebody give me a clue on how to solve this problem? Any help would be much
>> > appreciated.
>> >
>> > Regards,
>> > Maurizio
>> 
>> This could mean that the client has indicated it was unable to verify 
>> the server's certificate.
>> 
>> With regards to Roundcube, see this in config/defaults.inc.php:
>> 
>> //$config['imap_conn_options'] = array(
>> //  'ssl'         => array(
>> //     'verify_peer'  => true,
>> //     'verify_depth' => 3,
>> //     'cafile'       => '/etc/openssl/certs/ca.crt',
>> //   ),
>> // );
>> 
>> 
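
Added example (not from the thread and not Roundcube code): a PHP helper that lists the DNS names a certificate carries and checks whether a candidate 'peer_name' value matches one of them, which is how to find the FQDN for the placeholders in the configuration above. The function names and the sample certificate array are constructed for illustration; the array has the shape returned by openssl_x509_parse(), and the matching rules are a simplified approximation of host name verification, not PHP's internal code.

```php
<?php
// Collect the DNS names a parsed certificate is issued for.
// $parsed has the shape returned by openssl_x509_parse(), e.g.
//   openssl_x509_parse(file_get_contents('/path/to/server-cert.pem'))
function cert_names(array $parsed): array {
    $names = [];
    // subjectAltName is one string: "DNS:a.example, DNS:b.example, IP Address:..."
    foreach (explode(',', $parsed['extensions']['subjectAltName'] ?? '') as $entry) {
        $entry = trim($entry);
        if (stripos($entry, 'DNS:') === 0) {
            $names[] = strtolower(substr($entry, 4));
        }
    }
    // Assumption: also accept the subject CN, as older certificates carry no SAN.
    if (isset($parsed['subject']['CN']) && is_string($parsed['subject']['CN'])) {
        $names[] = strtolower($parsed['subject']['CN']);
    }
    return array_values(array_unique($names));
}

// Exact match, or a wildcard that stands for exactly one leftmost label.
function name_matches(string $pattern, string $host): bool {
    $host = strtolower(rtrim($host, '.'));
    if ($pattern === $host) {
        return true;
    }
    if (strncmp($pattern, '*.', 2) === 0) {
        $dot = strpos($host, '.');
        return $dot !== false && $dot > 0
            && substr($host, $dot) === substr($pattern, 1);
    }
    return false;
}

// True when $peerName would be accepted for this certificate.
function peer_name_ok(array $parsed, string $peerName): bool {
    foreach (cert_names($parsed) as $name) {
        if (name_matches($name, $peerName)) {
            return true;
        }
    }
    return false;
}

// Constructed sample certificate data (not taken from the thread).
$cert = [
    'subject'    => ['CN' => 'mail.example.org'],
    'extensions' => ['subjectAltName' => 'DNS:mail.example.org, DNS:*.imap.example.org'],
];
foreach (['localhost', 'mail.example.org', 'a.imap.example.org'] as $candidate) {
    printf("%-20s %s\n", $candidate, peer_name_ok($cert, $candidate) ? 'matches' : 'MISMATCH');
}
```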

