similar to: How to make IMAPS SSL Cert for Dovecot that works with Thunderbird

Hello, This is a selfsigned cert. Both of the below methods were used. May I ask for 1. pointer to info setting up "intermediate certs" and where the certfile goes? The objective is to generate a self-signed cert and use it for just internal use with IMAPS dovecot. Separately, what are your thoughts as to why evolution works and thunderbird does not? Thank you, ==1 openssl

I would expect the public cert to be imported as a "server" not an "auth" The attached image shows that TBird wants an httpS url for a webserver, for the source. Ages ago, I think it prompted for "do you want to trust this new cert" and YES added it (assuming that is the public key) to the server list.? A bit confused by this. <see attached thunderbird

Recently thunderbird and Dovecot IMAPS cannot agree on SSL however Evolution, on the exact same system, is working fine with the same accounts. Tried recreating the Dovecot cert and also the thunderbird accounts from scratch. The OpenSSL raw client works fine as well. Would someone also confirm the openssl commands to create a selfsigned cert for dovecot imaps. They cert created does work

Config has ssl_verify_client_cert = no What options might have the client auth turned on? TYIA On 5/24/20 6:40 PM, Felipe Gasper wrote: > From what I can tell, ?SSL alert number 42? means that you?ve configured Dovecot to require client authentication. > > Otherwise, your Let?s Encrypt certificate (with its authority chain) should suffice. > > -FG > >> On May 24,

From what I can tell, ?SSL alert number 42? means that you?ve configured Dovecot to require client authentication. Otherwise, your Let?s Encrypt certificate (with its authority chain) should suffice. -FG > On May 24, 2020, at 5:45 PM, hanasaki at gmail.com wrote: > > Hello all, > > What are the instructions for making an SSL cert for Dovecot IMAPS? > > Two methods have

<!doctype html> <html><head> <meta charset="UTF-8"> </head><body><div>I see. You need to import the cert into thundebird's trusted ca certs.</div><div><br></div><div>Aki</div><blockquote type="cite"><div>On 30/04/2020 21:36 <a

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I've recently set up a Red Hat Enterprise Linux 4 WS server, and decided to try using Dovecot as my IMAP server, as I was impressed with the dedication to security that seems to be the core development goal. I'm really happy with it, but I can't get it to work with a self-signed cert. Normally, on a RHEL system, you just go into

> > > > Hi Folks, > > > > > > > > I’m having a problem getting a the SSL cert file formatted just > > > > like icecast wants… I’m running 2.4.2 … and it doesn’t seem to > > > > want to use my combined key + cert chain no matter in what order I > > > > put it. > > > > Presently, I have it in this format.. with

> > > > > > Hi Folks, > > > > > > > > > > > > I’m having a problem getting a the SSL cert file formatted > > > > > > just like icecast wants… I’m running 2.4.2 … and it doesn’t > > > > > > seem to want to use my combined key + cert chain no matter in > > > > > > what order I put it. >

> > > > > > > > Hi Folks, > > > > > > > > > > > > > > > > I’m having a problem getting a the SSL cert file formatted > > > > > > > > just like icecast wants… I’m running 2.4.2 … and it > > > > > > > > doesn’t seem to want to use my combined key + cert chain > > > >

Main question: is it safe, to open a port for an openssl server? e.g.: server side - generate a self-signed cert. time openssl req -x509 -nodes -days 365 -newkey rsa:8192 -keyout mycert.pem -out mycert.pem openssl s_server -accept 52310 -cert mycert.pem Is it secure? - it could be DOSed' [DenialofService] or could it be attacked in any way? Are there any iptables rule for restricting

Hi there, Forgive me for repeating a question asked about a year ago: > Hi, > > Just wondered if anyone had got the following to work or if there are any > plans to add this functionality. > > * X.509 certificate support for authentication. As used in the likes of > stunnel, mod_ssl etc for client auth. > > * Directory based (LDAP) key lookup. Either

> > > > > > > > > > Hi Folks, > > > > > > > > > > > > > > > > > > > > I’m having a problem getting a the SSL cert file > > > > > > > > > > formatted just like icecast wants… I’m running 2.4.2 … > > > > > > > > > > and it doesn’t seem to want to use

That is good to know. I was working on the wrong assumption, attempting to create a client certificate on the Windows/Thunderbird side. I am using the SSL Certificate that comes with the distribution, so the conclusion is Thunderbird does not trust it. I have this in my notes from ages ago, for generating my own self-signed certificate: % openssl req -x509 -newkey rsa:4096 -sha256 -keyout

Evolution prompted to accept the cert; which I did. Thunderbird used to prompt and allow acceptance; it no longer does... well sorta does. See my other posting for a screenshot where it shows "add server location https:// ...." HTTPS . no way to add from SMTP. Have also tried typing smtp://host:25 and https://host:25 On 4/30/20 5:39 PM, Joseph Tam wrote: > On Thu, 30 Apr 2020,

hi, i'm using dovecot 1.2.15 with self signed certificates using starttls on ports 110/143 works ok with thunderbird 10.0.12 (and i guess most other clients) using imaps on port 993 works with outlook 2002. with thunderbird 10.0.12 i can't connect to port 993 and get errors in the logs like TLS: SSL_read() failed: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad

Greetings, I have seen via google that this very problem was already discussed on several lists some months ago, but the archives report no solution. I have a remote server with dovecot 1.0-0_12.beta8 on Centos 4.3. IMAP works just fine: I can read email from both Squirrelmail via web and Kmail. Now I have created an ssl certificate on the server, and I'm trying to retrieve email via pop3s

s_client: Option unknown option -trace *** x509: Unknown parameter text On 5/25/20 11:49 AM, Aki Tuomi wrote: > Hi! > > Can you do > > openssl x509 text -noout </etc/letsencrypt/live/...../fullchain.pem > > and check these things: > > your server hostname isn included in SubjectAlternativeNames, and that the cert hasn't got MUST-STAPLE attribute? You can see

Hello Aki and all, The below lines are in the dovecot config file. This seems to be the same as Aki's suggestion. correct? I have also double checked file perms, tried with several new key gens, several versions of thunderbird and created completely new thunderbird profiles. Thank you, ssl_cert = </etc/letsencrypt/live/...../fullchain.pem ssl_key =

<!doctype html> <html><head> <meta charset="UTF-8"> </head><body><div><br></div><blockquote type="cite"><div>On 30/04/2020 14:49 <a href="mailto:hanasaki@gmail.com">hanasaki@gmail.com</a> <<a href="mailto:hanasaki@gmail.com">hanasaki@gmail.com</a>>