Self-Signed Certificate issue

chaouche yacine yacinechaouche at yahoo.com
Sun Sep 25 10:19:12 UTC 2016


From: Darryl Baker <darryl.p.baker at gmail.com>


 To: dovecot at dovecot.org 
 Sent: Friday, September 23, 2016 6:07 PM
 Subject: Self-Signed Certificate issue
   
I keep getting what I am interpreting as
a missing CA cert. The message is:

dovecot: imap-login: Error: SSL: Stacked error: error:14094418:SSL
routines:ssl3_read_bytes:tlsv1 alert unknown ca: SSL alert number 48

That's because your client doesn't know about the certificate *issuer* so it doesn't trust it (the certificate), it's not an *authority* (the A in CA). What you need to do is include the *issuer's* certificate in your server's. But even then, the issuer was yourself, and you are not trusted either on the client's side. So what you need to do is install the root certificate on the client's machine so that certificates signed with it are trusted. When the root cert is trusted on the client side, it will trust the intermediate (issuer) certificate because it was signed by it, and trust the server's certificate because it was signed by the intermediate (this is why it's called a certificate *chain*, which often has only one intermediate CA although many intermediates are possible).
So it's ROOT CA CERT >>signs>> INTERMEDIATE CA CERT >>signs>> SERVER CERT
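
The chain described in this reply, built and checked with the openssl command line, as an added example that is not part of the original thread. The CA names, `mail.example.test` and the helper functions are constructed for illustration; it assumes `openssl` and `mktemp` are installed.

```shell
#!/bin/sh
# Added example: ROOT CA >>signs>> INTERMEDIATE CA >>signs>> SERVER CERT.
# All subject names and file names below are constructed.

# Create a key and CSR for CN=$2 in $1.key / $1.csr
new_csr() {
    openssl req -new -newkey rsa:2048 -nodes -config req.cnf \
        -subj "/CN=$2" -keyout "$1.key" -out "$1.csr" 2>/dev/null
}

# Build the chain in directory $1, plus an unrelated root ("other")
# that stands in for a client trust store lacking our root.
build_chain() (
    cd "$1" || exit 1
    printf '[req]\ndistinguished_name=dn\n[dn]\n' > req.cnf
    printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > ca.ext
    printf 'basicConstraints=CA:FALSE\nsubjectAltName=DNS:mail.example.test\n' > srv.ext
    for ca in root other; do                 # two self-signed roots
        new_csr "$ca" "Example $ca CA"
        openssl x509 -req -in "$ca.csr" -signkey "$ca.key" -days 30 \
            -extfile ca.ext -out "$ca.crt" 2>/dev/null
    done
    new_csr int "Example Intermediate CA"    # root signs intermediate
    openssl x509 -req -in int.csr -CA root.crt -CAkey root.key -CAcreateserial \
        -days 30 -extfile ca.ext -out int.crt 2>/dev/null
    new_csr server "mail.example.test"       # intermediate signs server
    openssl x509 -req -in server.csr -CA int.crt -CAkey int.key -CAcreateserial \
        -days 30 -extfile srv.ext -out server.crt 2>/dev/null
)

# $1 = CA file the client trusts, $2 = server cert,
# $3 = intermediate sent by the server (optional).
client_accepts() {
    openssl verify -CAfile "$1" ${3:+-untrusted "$3"} "$2" 2>/dev/null | grep -q ': OK$'
}

d=$(mktemp -d) && build_chain "$d"
client_accepts "$d/root.crt"  "$d/server.crt" "$d/int.crt" \
    && echo "root installed on client, intermediate sent: accepted"
client_accepts "$d/other.crt" "$d/server.crt" "$d/int.crt" \
    || echo "root not installed on client: rejected (what a TLS client reports as alert 48, unknown ca)"
client_accepts "$d/root.crt"  "$d/server.crt" \
    || echo "root installed but intermediate not sent: rejected"
```

For a server that takes a single certificate file, the intermediate is normally appended after the server certificate in that file (`cat server.crt int.crt`), while `root.crt` is what gets installed on the client.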