Am 09.01.2012 10:37, schrieb Simon Loewenthal: > On 09/01/12 10:27, Robert Schetterer wrote: >> Am 09.01.2012 10:16, schrieb J4K: >>> Morning everyone, >>> >>> On the 8th of Jan the TLS/SSL certificate I use with Dovecot expired. I >>> replaced it with a new on the 9th of Jan. I tested this with >>> Thunderbird and all is well. >>> >>> This morning people tell me they cannot get their email using their >>> mobile telephones : K9 Mail >>> >>> I have reverted the SSL cert back to the old one just in case. >>> Thunderbird will works. >>> >>> >>> Dovecot 1:1.2.15-7 running on Debian 6 >>> >>> The messages in the logs are: >>> >>> Jan 9 10:11:37 logout dovecot: imap-login: Disconnected (no auth >>> attempts): rip=90.131.95.130, lip=88.119.95.13, TLS: Disconnected >>> Jan 9 10:11:38 logout dovecot: imap-login: Disconnected (no auth >>> attempts): rip=90.131.95.130, lip=88.119.95.13, TLS: Disconnected >>> >>> In dovecot.conf I have this set : >>> >>> disable_plaintext_auth = no >>> >>> And the auth default mechanisms are set to: >>> mechanisms = plain login >>> >>> What is strange is the only item that changed is the SSL cert, which has >>> since been changed back to the old one (which has expired... ^^). >>> >>> Any ideas where I may look or change? >>> >>> Regards, S >> if you only changed the crt etc, and youre sure you did everything right >> >> perhaps you have forgot adding a needed intermediate cert ? >> >> read here >> http://www.trustico.co.uk/install/how-to-install-ssl-certificate.php >> >> Required Intermediate Certificates (CA Certificates) >> >> To successfully install your SSL Certificate you may be required to >> install an Intermediate CA Certificate. Please review the above >> installation instructions carefully to determine if an Intermediate CA >> Certificate is required, how to obtain it and correctly import it into >> your system. For more information please Contact Us. >> Alternatively, and for systems not covered by the above installation >> instructions, please use our Intermediate Certificate Wizard to find the >> correct CA Certificate or Root Bundle that is required for your SSL >> Certificate to function correctly. Find Out More Information > I know that the intermediate certs are messed up, which is why I rolled > back to the old expired certificate. I did not expect an expired > certificate to block authentication, and it does not mean that it does > block. The problem may be elsewhere.
that might be a k9 problem ( older versions ) or in android older versions, is there a ignore ssl failure option as workaround what does thunderbird tell you about the new cert ? but for sure the problem may elsewhere > > -- > PGP is optional: 4BA78604 > simon @ klunky . org > simon @ klunky . co.uk > I won't accept your confidentiality > agreement, and your Emails are kept. > ~Ö¿Ö~ > -- Best Regards MfG Robert Schetterer Germany/Munich/Bavaria
