Ask / Submit
1

Email certificate issue (dovecot) [answered]

asked 2014-06-10 15:19:25 +0300

doktoil makresh gravatar image

updated 2014-06-10 16:14:52 +0300

VDVsx gravatar image

Hi,

I'm using my own IMAP server (dovecot). It is running fine on all devices (Meego N9, Maemo N900, Mozilla Thunderbird...) but my securely signed certificate seems to be wrong for the Jolla.

My conf : server : mail.makelofine.org Encryption : STARTTLS (SSL tested too) Port : 143 (STARTTLS) / 993 (SSL)

openssl confirms my certificate is OK : echo '' | openssl s_client -connect mail.makelofine.org:993 | openssl x509 -fingerprint -text

So, what is wrong ?!

PS : When i check the box to allow unsecure certificate, it is working. Of course I don't want to enable it as I have a offially signed certificate

edit retag flag offensive reopen delete

The question has been closed for the following reason "the question is answered, an answer was accepted" by VDVsx
close date 2014-06-10 16:15:04.764988

Comments

Checked in my laptop and it says that is untrusted: verify error:num=27:certificate not trusted

VDVsx ( 2014-06-10 15:27:53 +0300 )edit

Try to change the server host to "webmail.makelofine.org"

jbrek ( 2014-06-10 15:34:13 +0300 )edit

@jbrek : webmail.makelofine.org is hostname for HTTPS, TCP/443), hostname for IMAPS (TCP/993) is mail.makelofine.org

doktoil makresh ( 2014-06-10 15:58:57 +0300 )edit

1 Answer

Sort by » oldest newest most voted
4

answered 2014-06-10 15:35:30 +0300

gabriel gravatar image

You need to make a proper change in dovecot's certificate file. Stick your certificate first, then your unencrypted RSA key, then class 1 and subclass certificates of your provider. Your openssl s_client test now returns 21 (unable to verify the first certificate), it should return 0 or at least 19 (which is self signed, but probably because openssl doesn't know about your CA).

A bit of a pain, but I fixed it yesterday like this. It's a good thing that Sailfish is anal about this now to avoid Man in the Middle attacks.

edit flag offensive delete publish link more

Comments

Thank you very much ! Indeed, Sailfish seems to be more secure that all my previous email clients ;)

doktoil makresh ( 2014-06-10 16:08:14 +0300 )edit

Question tools

Follow
2 followers

Stats

Asked: 2014-06-10 15:19:25 +0300

Seen: 206 times

Last updated: Jun 10 '14