Building a new certificate as described in a previous email worked.

*Darryl Baker*
On Sun, Sep 25, 2016 at 5:19 AM, chaouche yacine <yacinechaou...@yahoo.com> wrote:

> *From:* Darryl Baker <darryl.p.ba...@gmail.com>
> *To:* dovecot@dovecot.org
> *Sent:* Friday, September 23, 2016 6:07 PM
> *Subject:* Self-Signed Certificate issue
>
> I keep getting what I am interpreting as a missing CA cert. The message is:
>
> dovecot: imap-login: Error: SSL: Stacked error: error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca: SSL alert number 48
>
> That's because your client doesn't know about the certificate *issuer* so it doesn't trust it (the certificate), it's not an *authority* (the A in CA). What you need to do is include the *issuer's* certificate in your server's. But even then, the issuer was yourself, and you are not trusted either on the client's side. So what you need to do is install the root certificate in the client's machine so that certificates signed with it are trusted. When root cert is trusted on the client side, it will trust the intermediate (issuer) certificate because it was signed by it, and trust the server's certificate because it was signed by the intermediate (this is why it's called a certificate *chain* which often has only one intermediate CA although many intermediates are possible).
>
> So it's ROOT CA CERT >>signs>> INTERMEDIATE CA CERT >>signs>> SERVER CERT
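The chain of trust described in the quoted reply, reproduced with the openssl command line as an added example that is not part of the original thread. The names demo-root, demo-inter, demo-server and mail.example.test are constructed, and the script assumes the openssl CLI (1.1.0 or later) with its default configuration file is installed.

```shell
#!/usr/bin/env bash
# Constructed demo names: demo-root, demo-inter, demo-server, mail.example.test.

# make_chain DIR: build ROOT CA >>signs>> INTERMEDIATE CA >>signs>> SERVER CERT in DIR.
make_chain() (
  set -e
  cd "$1"
  cat > ext.cnf <<'EOF'
[ca]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
[server]
basicConstraints = CA:FALSE
extendedKeyUsage = serverAuth
subjectAltName = DNS:mail.example.test
EOF
  for n in root inter server; do   # one key and signing request per certificate
    openssl req -new -newkey rsa:2048 -nodes -keyout "$n.key" -out "$n.csr" \
      -subj "/CN=demo-$n" >/dev/null 2>&1
  done
  # The root is self-signed: it is the one certificate a client has to install as trusted.
  openssl x509 -req -in root.csr -signkey root.key -days 30 -set_serial 1 \
    -extfile ext.cnf -extensions ca -out root.crt 2>/dev/null
  openssl x509 -req -in inter.csr -CA root.crt -CAkey root.key -days 30 -set_serial 2 \
    -extfile ext.cnf -extensions ca -out inter.crt 2>/dev/null
  openssl x509 -req -in server.csr -CA inter.crt -CAkey inter.key -days 30 -set_serial 3 \
    -extfile ext.cnf -extensions server -out server.crt 2>/dev/null
)

# client_verifies DIR TRUSTED SENT: exit 0 if the client accepts DIR/server.crt.
# TRUSTED is the client's trust store (-CAfile); an empty value means the demo root
# was never installed. SENT is the intermediate the server presents (-untrusted).
client_verifies() {
  openssl verify ${2:+-CAfile "$1/$2"} ${3:+-untrusted "$1/$3"} \
    "$1/server.crt" >/dev/null 2>&1
}

d=$(mktemp -d); make_chain "$d"
client_verifies "$d" root.crt inter.crt && echo "root trusted, intermediate sent: accepted"
client_verifies "$d" ""       inter.crt || echo "root not installed on client: rejected"
client_verifies "$d" root.crt ""        || echo "intermediate not sent by server: rejected"
rm -rf "$d"
```

The second case is the client-side condition behind the `unknown ca` alert in the thread; the third is what happens when the server's certificate file omits the issuer's certificate.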