STARTTLS issue with sieve
Alexander Dalloz
ad+lists at uni-x.org
Sun Jul 9 14:14:56 EEST 2017
Am 08.07.2017 um 23:10 schrieb Heiko Schlittermann:
> As it seem, Pigeonhole sends you the full cert chain:
>
>> *** Starting TLS handshake
>> - Certificate type: X.509
>> - Got a certificate list of 3 certificates.
>> - Certificate[0] info:
>> - subject `C=DE,ST=Baden-Wuerttemberg,L=Ettlingen,O=NOVA Elektroanlagen
> …
>> - Certificate[2] info:
>> - subject `C=DE,ST=Baden-Wuerttemberg,L=Ettlingen,O=NOVA Elektroanlagen
>> GmbH,OU=NOVA Root CA,CN=NOVA Root CA', issuer
> The last one being the CA used.
>
>> SHA-1 fingerprint `95326e3ff12683cc40a85874d562d0a6f15dcb37'
>> - Status: The certificate is NOT trusted. The certificate issuer is unknown.
>> *** PKI verification of server certificate failed...
>> *** Fatal error: Err
It is wrong to send the root CA along with the intermediate and server
certificates. The root CA cert must be in the CA trust bundle of the client.
Alexander
More information about the dovecot
mailing list