Self-Signed Certificate issue
Darryl Baker
darryl.p.baker at gmail.com
Sun Sep 25 18:19:42 UTC 2016
Building a new certificate as described in a previous email worked.
*Darryl Baker*
On Sun, Sep 25, 2016 at 5:19 AM, chaouche yacine <yacinechaouche at yahoo.com>
wrote:
> *From:* Darryl Baker <darryl.p.baker at gmail.com>
>
>
> *To:* dovecot at dovecot.org
> *Sent:* Friday, September 23, 2016 6:07 PM
> *Subject:* Self-Signed Certificate issue
>
> I keep getting what I am interpreting as
> a missing CA cert. The message is:
>
> dovecot: imap-login: Error: SSL: Stacked error: error:14094418:SSL
> routines:ssl3_read_bytes:tlsv1 alert unknown ca: SSL alert number 48
>
> That's because your client doesn't know about the certificate *issuer* so
> it doesn't trust it (the certificate), it's not an *authority* (the A in
> CA). What you need to do is include the *issuer's* certificate in your
> server's. But even then, the issuer was yourself, and your are not trusted
> either on the client's side. So what you need to do is install the root
> certificate in the client's machine so that certificates signed with it are
> trusted. When root cert is trusted on the client side, it will trust the
> intermediate (issuer) certificate because it was signed by it, and trust
> the server's certificate because it was signed by the intermediate (this is
> why it's called a certificate *chain* which often has only one intermediate
> CA although many intermediates are possible).
>
> So it's ROOT CA CERT >>signs>> INTERMEDIATE CA CERT >>signs>> SERVER CERT
>
>
>
>
More information about the dovecot
mailing list