tlsv1 alert unknown ca: SSL alert number 48

Gedalya gedalya at gedalya.net
Sat Jun 18 04:34:31 UTC 2016


What version of Roundcube are you using?

On 06/17/2016 04:14 PM, Maurizio Dall'Acqua wrote:
> I have tried all the suggestions up till now but the error message is still
> there.
>
> I have tried this configuration for roundcube:
>
>  $config['imap_conn_options'] = array(
>    'ssl' => array(
>      'peer_name' => '<FQDN_OF_DOVECOT_CERTIFICATE>',
>      'verify_peer' => true,
>      'verify_depth' => 3,
> //   'cafile' => '/dont/need/to/set/this/option',
>    ),
>  );
>
> and this one:
>
>  $config['imap_conn_options'] = array(
>    'ssl' => array(
>      'verify_peer' => false,
>      'verify_peer_name' => false,   
>    ),
>  );
>
> and this one too:
>
> $config['imap_conn_options'] = array(
>   'ssl'         => array(
>   'verify_peer'  => true,
>   'verify_depth' => 3,
>   'cafile'       => '/path/to/my/self/signed/certificate.pem',
>    ),
>  );
>
> I'm at a loss :-(
>
>
>
>
>
> On Fri, Jun 17, 2016 at 08:43:11AM +0200, Dr. Matthias Sitte wrote:
>> Solution: Set 'peer_name' in the SSL stream context to the FQDN of the
>> server certificate(s):
>>
>> // IMAP socket context options
>> // See http://php.net/manual/en/context.ssl.php
>> $config['imap_conn_options'] = array(
>>   'ssl' => array(
>>     'peer_name' => '<FQDN_OF_DOVECOT_CERTIFICATE>',
>>     'verify_peer' => true,
>>     'verify_depth' => 3,
>>     #'cafile' => '/dont/need/to/set/this/option',
>>   ),
>> );
>>
>> // SMTP socket context options
>> // See http://php.net/manual/en/context.ssl.php
>> $config['smtp_conn_options'] = array(
>>   'ssl' => array(
>>     'peer_name' => '<FQDN_OF_POSTFIX_CERTIFICATE>',
>>     'verify_peer' => true,
>>     'verify_depth' => 3,
>>     #'cafile' => '/dont/need/to/set/this/option',
>>   ),
>> );
>>
>> Works for me.
>>
>> On 2016-06-16 20:43, Maurizio Dall'Acqua wrote:
>>> I think that you are right when you say that the problem may be the
>>> certificate recognition.
>>>
>>> As for Roundcube, I've inserted the uncommented php code that you provided
>>> in /usr/share/roundcube/main.inc.php.dist, which is the Raspbian file for
>>> /config/defaults.inc.php. Unfortunately Roundcube doesn't login and
>>> replies
>>> with the message "connection to storage server failed". And the log file
>>> of dovecot gives the reason: unknown certificate.
>>>
>>> In order to solve this problem do you think that I should look into the
>>> configuration file of Squirrelmail/Roundcube or in the config file of
>>> Dovecot?
>>>
>>>
>>> On Wed, Jun 15, 2016 at 05:48:32PM -0400, Gedalya wrote:
>>>> On 06/15/2016 04:26 PM, Maurizio Dall'Acqua wrote:
>>>>> Hi,
>>>>>
>>>>> I have set up a mail server with postfix+dovecot 2.2.13 on my raspberry pi
>>>>> running Raspbian Jessie OS.
>>>>>
>>>>> Now I would like to add an on-line e-mail client like Squirrelmail or
>>>>> Roundcube. I was able to start up these two clients but when I try to login
>>>>> I get this error message in the dovecot log:
>>>>>
>>>>> tlsv1 alert unknown ca: SSL alert number 48
>>>>>
>>>>> But I have inserted the self-signed certificate and key in
>>>>> /etc/dovecot/conf.d/10-master.conf
>>>>>
>>>>> Moreover, I can send and receive e-mails from/to my server, and I can login
>>>>> successfully to dovecot IMAP with Thunderbird.
>>>>>
>>>>> Can somebody give me a clue on how to solve this problem? Any help would be much
>>>>> appreciated.
>>>>>
>>>>> Regards,
>>>>> Maurizio
>>>> This could mean that the client has indicated it was unable to verify
>>>> the server's certificate.
>>>>
>>>> With regards to Roundcube, see this in config/defaults.inc.php:
>>>>
>>>> //$config['imap_conn_options'] = array(
>>>> //  'ssl'         => array(
>>>> //     'verify_peer'  => true,
>>>> //     'verify_depth' => 3,
>>>> //     'cafile'       => '/etc/openssl/certs/ca.crt',
>>>> //   ),
>>>> // );
>>>>
>>>>
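
An added diagnostic example (not part of the original thread, and not Roundcube or Dovecot code): it repeats the handshake with the same PHP stream context options discussed above, so you can see whether chain trust (`cafile`) or name matching (`peer_name`) is the step that fails. It assumes IMAPS with implicit TLS on port 993; the script name, the default host name, and the `handshake()` helper are placeholders chosen for illustration.

```php
<?php
// Added diagnostic example; not part of Roundcube or Dovecot.
// Usage: php imap_tls_check.php <host> <peer_name> [cafile]
// Assumes IMAPS (implicit TLS) on port 993; the default host is a placeholder.

function handshake(string $host, array $ssl): array
{
    $warnings = [];
    set_error_handler(function ($no, $msg) use (&$warnings) {
        $warnings[] = $msg;      // PHP reports OpenSSL verify failures as warnings
        return true;
    });
    $ctx = stream_context_create(['ssl' => $ssl + ['capture_peer_cert' => true]]);
    $fp = stream_socket_client("ssl://$host:993", $errno, $errstr, 10,
                               STREAM_CLIENT_CONNECT, $ctx);
    restore_error_handler();
    if ($fp === false) {
        return ['ok' => false, 'why' => implode(' | ', $warnings), 'cert' => null];
    }
    $opts = stream_context_get_options($fp);
    $cert = openssl_x509_parse($opts['ssl']['peer_certificate']);
    fclose($fp);
    return ['ok' => true, 'why' => '', 'cert' => $cert];
}

$host   = $argv[1] ?? 'mail.example.test';
$name   = $argv[2] ?? $host;
$cafile = $argv[3] ?? null;

// Step 1: no verification, used only to read what the server presents.
$r = handshake($host, ['verify_peer' => false, 'verify_peer_name' => false]);
if (!$r['ok']) { exit("connect failed: {$r['why']}\n"); }
$c = $r['cert'];
printf("subject CN : %s\n", $c['subject']['CN'] ?? '(none)');
printf("SAN        : %s\n", $c['extensions']['subjectAltName'] ?? '(none)');
printf("self-signed: %s\n", $c['subject'] == $c['issuer'] ? 'yes' : 'no');

// Step 2: chain trust only (system CA store, or the given cafile).
$trust = ['verify_peer' => true, 'verify_depth' => 3, 'verify_peer_name' => false];
if ($cafile !== null) { $trust['cafile'] = $cafile; }
$r = handshake($host, $trust);
printf("chain trust: %s %s\n", $r['ok'] ? 'OK' : 'FAIL', $r['why']);

// Step 3: chain trust plus name check against peer_name.
$r = handshake($host, ['verify_peer_name' => true, 'peer_name' => $name] + $trust);
printf("name match : %s %s\n", $r['ok'] ? 'OK' : 'FAIL', $r['why']);
```

A failure at step 2 means the client does not trust the issuer of the presented certificate; a failure only at step 3 means `peer_name` does not match the CN or SAN printed in step 1.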


