Re: alert number 46:

On Sun, Nov 12, 2017 at 4:55 AM, Jan Just Keijser <janjust@xxxxxxxxx> wrote:
> Hi,
>
> On 12/11/17 05:39, Simon Matthews wrote:
>>
>> I have generated a new certificate for my CentOS 6/postfix server, and
>> it seems to work with most clients, but when I try to send email using
>> TLS from my Android device, it always fails.
>>
>> In my postfix log, I see:
>>
>> warning: TLS library problem: 13671:error:14094416:SSL
>> routines:SSL3_READ_BYTES:sslv3 alert certificate
>> unknown:s3_pkt.c:1275:SSL alert number 46:
>>
>> I get the same message when using the same new certificate with
>> dovecot, so I don't think it is a postfix issue.
>>
>> To generate the certificate, I used the following commands:
>>
>> openssl genrsa -out MatthewsCA2017.key 2048
>> openssl genrsa -des3 -out MatthewsCA2017.key 2048
>> openssl req -x509 -new -nodes -key MatthewsCA2017.key -sha256 -days
>> 3000 -out MatthewsCA2017.pem
>> openssl genrsa -out smtp.matthews-family.org.uk.key 2048
>> openssl req -new -key smtp.matthews-family.org.uk.key -out
>> smtp.matthews-family.org.uk.csr
>> openssl x509 -req -in smtp.matthews-family.org.uk.csr -CA
>> MatthewsCA2017.pem -CAkey MatthewsCA2017.key -CAcreateserial -out
>> smtp.matthews-family.org.uk.crt -days 3000 -sha256
>>
>> Any ideas on what might be wrong?
>>
>
> You seem to have generated your own (new) CA and server certificate; is this
> CA (public) cert installed in postfix correctly? More importantly, is this
> new CA distributed to all devices?
> An alert 46 usually hints at SSL3_AD_CERTIFICATE_UNKNOWN

In my Android device, I am using the option "TLS (Accept all
certificates)" which was working with my prior certificate. I built a
new CA and certificate because Microsoft/Hotmail would not send email
to my server because of the use of MD5 in the certificate chain.

In the postfix main.cf, I have:
smtpd_tls_CAfile =  /etc/ssl/MatthewsCA2017.pem

The file exists:
# ls /etc/ssl/MatthewsCA2017.pem
/etc/ssl/MatthewsCA2017.pem

This is a CentOS 6 VM.

Is there anything else I should do to install the certificates? I
notice that the dovecot configuration doesn't explicitly define the CA
certificate location, so perhaps I have missed something?

Simon
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
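
Added example, not part of the original thread: a small decoder for the OpenSSL 1.0.x error-queue line quoted in the post, showing how the hex code 14094416 breaks down into library, function and reason, and that the reason carries the TLS alert number 46. The function and constant names are illustrative, and the sample line is the log entry from the post re-joined onto one line.

```python
import re

# Constructed sample: the log line from the post above, re-joined onto one line.
SAMPLE_LINE = ("warning: TLS library problem: 13671:error:14094416:SSL routines:"
               "SSL3_READ_BYTES:sslv3 alert certificate unknown:s3_pkt.c:1275:"
               "SSL alert number 46:")

# Certificate-related TLS alert descriptions from RFC 5246, section 7.2.
TLS_ALERTS = {42: "bad_certificate", 43: "unsupported_certificate",
              44: "certificate_revoked", 45: "certificate_expired",
              46: "certificate_unknown", 48: "unknown_ca"}

ERR_LIB_SSL = 20             # library number of "SSL routines"
SSL_AD_REASON_OFFSET = 1000  # reason 1000+N: alert N was read from the peer

# pid:error:<8 hex digits>:lib:func:reason:file:line:extra data
ERR_RE = re.compile(r"(\d+):error:([0-9A-Fa-f]{8}):([^:]*):([^:]*):([^:]*):"
                    r"([^:]*):(\d+):([^:]*)")

def decode_openssl_error(log_line):
    """Split an OpenSSL 1.0.x error-queue line and unpack its error code."""
    m = ERR_RE.search(log_line)
    if m is None:
        return None                      # not an OpenSSL error-queue line
    code = int(m.group(2), 16)
    # OpenSSL 1.0.x packing: 8 bits library, 12 bits function, 12 bits reason.
    lib, func, reason = (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF
    alert = None
    if lib == ERR_LIB_SSL and reason > SSL_AD_REASON_OFFSET:
        alert = reason - SSL_AD_REASON_OFFSET
    return {
        "pid": int(m.group(1)), "lib": lib, "func": func, "reason": reason,
        "func_name": m.group(4), "source": "%s:%s" % (m.group(6), m.group(7)),
        "alert": alert,
        "alert_name": TLS_ALERTS.get(alert, "other") if alert is not None else None,
        # An alert reason means the remote side sent it: here, the client
        # rejected the certificate this server presented.
        "sent_by_peer": alert is not None,
    }

if __name__ == "__main__":
    for key, value in sorted(decode_openssl_error(SAMPLE_LINE).items()):
        print(key, "=", value)
```

Because the alert arrives in SSL3_READ_BYTES, the rejection decision was made on the connecting device, so the certificate and chain the server presents are what to inspect, not the server's own trust store.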