Re: [qmailtoaster] ssl cert issue

[qmailtoaster]

I tryed Google an got to this page:

https://serverfault.com/questions/639837/openssl-s-client-shows-alert-certificate-unknown-but-all-server-certificates-app
"
In my case

  error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate 
unknown:s3_pkt.c:1260:SSL alert number 46

was solved by adding

  ssl_verify_client_cert = yes

in /etc/dovecot/dovecot.conf.
"

Allan Dukat


On 2020-01-11 16:50, Eric Broch wrote:
can you try debugging:

user='myu...@mydomain.tld'
 pass='mypasswd'
 bash -c 'echo a login '"$user $pass"'; while read x; do echo "$x";
done'
 | openssl s_client -crlf -connect mail.mydomain.com:993
 -CAfile /var/qmail/control/servercert.pem
 -cert /var/qmail/control/servercert.pem
 -key  /var/qmail/control/servercert.pem
 -debug

On 1/11/2020 8:27 AM, Remo Mattei wrote:

Yes here is the config 

auth_mechanisms = plain login digest-md5 cram-md5
auth_username_format = %Lu
first_valid_uid = 89
first_valid_gid = 89
log_path = /var/log/dovecot.log
login_greeting = IMAP server .
mail_plugins = $mail_plugins quota
plugin/quota = maildir
protocols = imap pop3
disable_plaintext_auth = no
ssl=yes
ssl_cert = </var/qmail/control/mail_validcert_com.crt
ssl_key = </var/qmail/control/mail_validcert_com.pem
mail_location = maildir:~/Maildir

and I have this working on a diff server

—
Remo

On Saturday, Jan 11, 2020 at 07:15, Charles Hockenbarger
<chash...@gmail.com> wrote:

Are you sure the cert location is defined correctly?

Get TypeApp for Android [1]
On Jan 11, 2020, at 9:05 AM, Remo Mattei <r...@mattei.org> wrote:

:34 imap-login: Info: Disconnected (no auth attempts in 0 secs):
user=<>, rip=52.125.128.94, lip=xxxxx, TLS handshaking: SSL_accept()
failed: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert
certificate unknown: SSL alert number 46, session=<Aibbi96boqY0fYBe>

Jan 11 08:03

I am getting this any suggestions from anyone?

—
Remo


Links:
------
[1] http://www.typeapp.com/r?b=15723

---------------------------------------------------------------------
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com