hanasaki at gmail.com
2020-May-25 15:46 UTC
How to make IMAPS SSL Cert for Dovecot that works with Thunderbird
Hello Aki and all,

The below lines are in the dovecot config file. This seems to be the
same as Aki's suggestion. Correct? I have also double checked file
perms, tried with several new key gens, several versions of thunderbird
and created completely new thunderbird profiles.

Thank you,

ssl_cert = </etc/letsencrypt/live/...../fullchain.pem
ssl_key = </etc/letsencrypt/live/...../privkey.pem

On 5/25/20 11:11 AM, Aki Tuomi wrote:
> The real reason is that you have misconfigured your cert. Alert 42 means that the *client* considers *server* client untrusted.
>
> If you are using LE cert you should configure
>
> ssl_cert=</etc/letsencrypt/live/domain/fullchain.pem
> ssl_key=</etc/letsencrypt/live/domain/privkey.pem
>
> Aki
>
>> On 25/05/2020 18:01 Hanasaki Jiji <hanasaki at gmail.com> wrote:
>>
>>
>> From the config : auth_ssl_require_client_cert = no
>> GMail empty vcard ... I have no ideas . so sorry.
>>
>> Coding snippets. What can I provide for you that will help?
>> NOTE: it is pretty much the default config from Debian.
>>
>> Thank you,
>>
>> On Sun, May 24, 2020 at 9:29 PM Benny Pedersen <me at junc.eu> wrote:
>>>
>>> On 2020-05-25 02:54, hanasaki at gmail.com wrote:
>>>> Config has
>>>> ssl_verify_client_cert = no
>>>> What options might have the client auth turned on?
>>>
>>> why does gmail attach empty vcard info ?
>>>
>>> without any config snippets it's hard to say what config error is local
>>>
>>> https://wiki.dovecot.org/SSL/DovecotConfiguration
>>>
>>> is it auth_ssl_require_client_cert = yes
>>>
>>> i don't use this auth features to make thunderbird work
-------------- next part --------------
A non-text attachment was scrubbed...
Name: hanasaki.vcf
Type: text/x-vcard
Size: 4 bytes
Desc: not available
URL: <https://dovecot.org/pipermail/dovecot/attachments/20200525/f99c07d9/attachment-0001.vcf>
Aki Tuomi
2020-May-25 15:49 UTC
How to make IMAPS SSL Cert for Dovecot that works with Thunderbird
Hi!

Can you do

openssl x509 text -noout </etc/letsencrypt/live/...../fullchain.pem

and check these things:

your server hostname isn included in SubjectAlternativeNames, and that the cert hasn't got MUST-STAPLE attribute? You can see this by looking for 1.3.6.1.5.5.7.1.24

Also, can you provide output of

openssl s_client -connect host:993 -trace

Aki

> On 25/05/2020 18:46 hanasaki at gmail.com <hanasaki at gmail.com> wrote:
>
>
> Hello Aki and all,
>
> The below lines are in the dovecot config file. This seems to be the
> same as Aki's suggestion. Correct? I have also double checked file
> perms, tried with several new key gens, several versions of thunderbird
> and created completely new thunderbird profiles.
>
> Thank you,
>
> ssl_cert = </etc/letsencrypt/live/...../fullchain.pem
> ssl_key = </etc/letsencrypt/live/...../privkey.pem
>
>
> On 5/25/20 11:11 AM, Aki Tuomi wrote:
> > The real reason is that you have misconfigured your cert. Alert 42 means that the *client* considers *server* client untrusted.
> >
> > If you are using LE cert you should configure
> >
> > ssl_cert=</etc/letsencrypt/live/domain/fullchain.pem
> > ssl_key=</etc/letsencrypt/live/domain/privkey.pem
> >
> > Aki
> >
> >> On 25/05/2020 18:01 Hanasaki Jiji <hanasaki at gmail.com> wrote:
> >>
> >>
> >> From the config : auth_ssl_require_client_cert = no
> >> GMail empty vcard ... I have no ideas . so sorry.
> >>
> >> Coding snippets. What can I provide for you that will help?
> >> NOTE: it is pretty much the default config from Debian.
> >>
> >> Thank you,
> >>
> >> On Sun, May 24, 2020 at 9:29 PM Benny Pedersen <me at junc.eu> wrote:
> >>>
> >>> On 2020-05-25 02:54, hanasaki at gmail.com wrote:
> >>>> Config has
> >>>> ssl_verify_client_cert = no
> >>>> What options might have the client auth turned on?
> >>>
> >>> why does gmail attach empty vcard info ?
> >>>
> >>> without any config snippets it's hard to say what config error is local
> >>>
> >>> https://wiki.dovecot.org/SSL/DovecotConfiguration
> >>>
> >>> is it auth_ssl_require_client_cert = yes
> >>>
> >>> i don't use this auth features to make thunderbird work
hanasaki at gmail.com
2020-May-25 15:52 UTC
How to make IMAPS SSL Cert for Dovecot that works with Thunderbird
s_client: Option unknown option -trace
***
x509: Unknown parameter text

On 5/25/20 11:49 AM, Aki Tuomi wrote:
> Hi!
>
> Can you do
>
> openssl x509 text -noout </etc/letsencrypt/live/...../fullchain.pem
>
> and check these things:
>
> your server hostname isn included in SubjectAlternativeNames, and that the cert hasn't got MUST-STAPLE attribute? You can see this by looking for 1.3.6.1.5.5.7.1.24
>
> Also, can you provide output of
>
> openssl s_client -connect host:993 -trace
>
> Aki
>
>> On 25/05/2020 18:46 hanasaki at gmail.com <hanasaki at gmail.com> wrote:
>>
>>
>> Hello Aki and all,
>>
>> The below lines are in the dovecot config file. This seems to be the
>> same as Aki's suggestion. Correct? I have also double checked file
>> perms, tried with several new key gens, several versions of thunderbird
>> and created completely new thunderbird profiles.
>>
>> Thank you,
>>
>> ssl_cert = </etc/letsencrypt/live/...../fullchain.pem
>> ssl_key = </etc/letsencrypt/live/...../privkey.pem
>>
>>
>> On 5/25/20 11:11 AM, Aki Tuomi wrote:
>>> The real reason is that you have misconfigured your cert. Alert 42 means that the *client* considers *server* client untrusted.
>>>
>>> If you are using LE cert you should configure
>>>
>>> ssl_cert=</etc/letsencrypt/live/domain/fullchain.pem
>>> ssl_key=</etc/letsencrypt/live/domain/privkey.pem
>>>
>>> Aki
>>>
>>>> On 25/05/2020 18:01 Hanasaki Jiji <hanasaki at gmail.com> wrote:
>>>>
>>>>
>>>> From the config : auth_ssl_require_client_cert = no
>>>> GMail empty vcard ... I have no ideas . so sorry.
>>>>
>>>> Coding snippets. What can I provide for you that will help?
>>>> NOTE: it is pretty much the default config from Debian.
>>>>
>>>> Thank you,
>>>>
>>>> On Sun, May 24, 2020 at 9:29 PM Benny Pedersen <me at junc.eu> wrote:
>>>>>
>>>>> On 2020-05-25 02:54, hanasaki at gmail.com wrote:
>>>>>> Config has
>>>>>> ssl_verify_client_cert = no
>>>>>> What options might have the client auth turned on?
>>>>>
>>>>> why does gmail attach empty vcard info ?
>>>>>
>>>>> without any config snippets it's hard to say what config error is local
>>>>>
>>>>> https://wiki.dovecot.org/SSL/DovecotConfiguration
>>>>>
>>>>> is it auth_ssl_require_client_cert = yes
>>>>>
>>>>> i don't use this auth features to make thunderbird work
-------------- next part --------------
A non-text attachment was scrubbed...
Name: hanasaki.vcf
Type: text/x-vcard
Size: 4 bytes
Desc: not available
URL: <https://dovecot.org/pipermail/dovecot/attachments/20200525/c32a86fc/attachment.vcf>
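The two certificate checks requested in this thread (hostname present in the SubjectAlternativeNames, no MUST-STAPLE extension 1.3.6.1.5.5.7.1.24), as an added example that is not part of any poster's message. It uses the dashed `-text` form plus `-checkhost` and runs against throwaway self-signed certificates; the hostnames `mail.example.test` and `imap.example.test` and all helper names are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the thread. Hostnames and helper names are constructed.

# Succeeds if the first certificate in PEM file $1 is valid for hostname $2.
# fullchain.pem holds leaf + intermediates; `openssl x509` reads only the
# first certificate, which is the leaf the server presents.
cert_matches_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" |
        grep -q 'does match certificate'
}

# Succeeds if the leaf carries the TLS Feature extension
# (OID 1.3.6.1.5.5.7.1.24), which is how must-staple is encoded.
cert_has_must_staple() {
    openssl x509 -in "$1" -noout -text |
        grep -Eq 'TLS Feature|1\.3\.6\.1\.5\.5\.7\.1\.24'
}

# Throwaway self-signed certificate for the demo (needs OpenSSL 1.1.1+ for
# -addext). $1 = output PEM, $2 = SAN hostname, $3 = non-empty adds must-staple.
make_test_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -keyout "$1.key" -out "$1" -subj "/CN=$2" \
        -addext "subjectAltName=DNS:$2" \
        ${3:+-addext tlsfeature=status_request} 2>/dev/null
}

# Print both findings for PEM file $1 and hostname $2.
report() {
    if cert_matches_host "$1" "$2"; then echo "SAN: $2 covered"
    else echo "SAN: $2 NOT covered"; fi
    if cert_has_must_staple "$1"; then echo "must-staple: present"
    else echo "must-staple: absent"; fi
}

demo_dir=$(mktemp -d)
make_test_cert "$demo_dir/plain.pem" mail.example.test
make_test_cert "$demo_dir/staple.pem" mail.example.test staple
report "$demo_dir/plain.pem" mail.example.test    # matching name, no must-staple
report "$demo_dir/staple.pem" imap.example.test   # wrong name, must-staple set
rm -rf "$demo_dir"
```

`s_client -trace` depends on OpenSSL having been compiled with `enable-ssl-trace`; `-msg` and `-showcerts` are standard `s_client` options that also show the handshake messages and the chain the server sends.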