s_client: Option unknown option -trace *** x509: Unknown parameter text
On 5/25/20 11:49 AM, Aki Tuomi wrote:
Hi! Can you do openssl x509 text -noout </etc/letsencrypt/live/...../fullchain.pem and check these things: your server hostname isn included in SubjectAlternativeNames, and that the cert hasn't got MUST-STAPLE attribute? You can see this by looking for 1.3.6.1.5.5.7.1.24 Also, can you provide output of openssl s_client -connect host:993 -trace AkiOn 25/05/2020 18:46 hanas...@gmail.com <hanas...@gmail.com> wrote:Hello Aki and all,The below lines are in the dovecot config file. This seems to be the same as Aki's suggestion. correct? I have also double checked file perms, tried with several new key gens, several versions of thunderbird and created completely new thunderbird profiles. Thank you, ssl_cert = </etc/letsencrypt/live/...../fullchain.pem ssl_key = </etc/letsencrypt/live/...../privkey.pem On 5/25/20 11:11 AM, Aki Tuomi wrote:The real reason is that you have misconfigured your cert. Alert 42 means that the *client* consider *server* client untrusted. If you are using LE cert you should configure ssl_cert=</etc/letsencrypt/live/domain/fullchain.pem ssl_key=</etc/letsencrypt/live/domain/privkey.pem AkiOn 25/05/2020 18:01 Hanasaki Jiji <hanas...@gmail.com> wrote:From the config : auth_ssl_require_client_cert = noGMail empty vcard ... I have no ideas . so sorry. Coding snippets. What can I provide for you that will help? NOTE: it is pretty much the default config from Debian. Thank you, On Sun, May 24, 2020 at 9:29 PM Benny Pedersen <m...@junc.eu> wrote:On 2020-05-25 02:54, hanas...@gmail.com wrote:Config has ssl_verify_client_cert = no What options might have the client auth turned on?why does gmail attacht empty vcard info ? without any config snippes its hard to say what config error is local https://wiki.dovecot.org/SSL/DovecotConfiguration is it auth_ssl_require_client_cert = yes i dont use this auth features to make thunderbird work
<<attachment: hanasaki.vcf>>
