I'm running a new dovecot 2.0.9 under Centos 6.4. I'm having an issue with
SSL certificate not being accepted by the email client.
I have my own CA and I have generated certificates for web usage without a

For imaps and pop3s what I did was generate a certificate for the hostname
of my dovecot server and then cat that cert with the intermediate and root
CA certificates. No matter what thunderbird still complains with Unknown

# 2.0.9: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.32-358.2.1.el6.x86_64 x86_64 CentOS release 6.4 (Final)
auth_mechanisms = plain login
auth_socket_path = /var/run/dovecot/auth-userdb
auth_username_format = %n
disable_plaintext_auth = no
log_path = /var/log/dovecot.log
mail_fsync = never
mail_home = /vmail/%u
mail_location = maildir:~/Maildir
mail_plugins = quota
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character
vacation subaddress comparator-i;ascii-numeric relational regex imap4flags
copy include variables body enotify environment mailbox date
mbox_write_locks = fcntl
passdb {
  driver = pam
plugin {
  quota = maildir:User quota
  quota_rule = *:storage=1G
  quota_rule2 = Trash:storage=+100M
  sieve = ~/.dovecot.sieve
  sieve_dir = ~/sieve
protocols = imap pop3 lmtp sieve
quota_full_tempfail = yes
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0660
    user = postfix
  unix_listener auth-userdb {
    group = vmail
    mode = 0660
    user = vmail
service lmtp {
  unix_listener lmtp {
    user = vmail
service managesieve-login {
  inet_listener sieve {
    port = 4190
service pop3-login {
  inet_listener pop3s {
    port = 995
    ssl = yes
ssl_cert = </etc/pki/dovecot/certs/mail.pem
ssl_key = </etc/pki/dovecot/private/mail.example.com.key
userdb {
  args = /etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
verbose_ssl = yes
protocol lmtp {
  mail_fsync = optimized
  mail_plugins = sieve quota
protocol lda {
  mail_plugins = sieve quota
protocol imap {
  mail_plugins = quota imap_quota
protocol pop3 {
  mail_plugins = quota

This is the log:

  Jul 11 15:38:45 imap-login: Warning: SSL: where=0x10, ret=1:
before/accept initialization []
Jul 11 15:38:45 imap-login: Warning: SSL: where=0x2001, ret=1:
before/accept initialization []
Jul 11 15:38:45 imap-login: Warning: SSL: where=0x2002, ret=-1: SSLv2/v3
read client hello A []
Jul 11 15:38:45 imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 read
client hello A []
Jul 11 15:38:45 imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write
server hello A []
Jul 11 15:38:45 imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write
certificate A []
Jul 11 15:38:45 imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write
key exchange A []
Jul 11 15:38:45 imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write
server done A []
Jul 11 15:38:45 imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 flush
data []
Jul 11 15:38:45 imap-login: Warning: SSL: where=0x2002, ret=-1: SSLv3 read
client certificate A []
Jul 11 15:38:45 imap-login: Warning: SSL: where=0x2002, ret=-1: SSLv3 read
client certificate A []
Jul 11 15:38:45 imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 read
client key exchange A []
Jul 11 15:38:45 imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 read
finished A []
Jul 11 15:38:45 imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write
session ticket A []
Jul 11 15:38:45 imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write
change cipher spec A []
Jul 11 15:38:45 imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write
finished A []
Jul 11 15:38:45 imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 flush
data []
Jul 11 15:38:45 imap-login: Warning: SSL: where=0x20, ret=1: SSL
negotiation finished successfully []
Jul 11 15:38:45 imap-login: Warning: SSL: where=0x2002, ret=1: SSL
negotiation finished successfully []
Jul 11 15:38:45 imap-login: Warning: SSL alert: where=0x4004, ret=558:
fatal certificate unknown []
Jul 11 15:38:45 imap-login: Warning: SSL alert: where=0x4008, ret=256:
warning close notify []
Jul 11 15:38:45 imap-login: Info: Disconnected (no auth attempts):
rip=, lip=, TLS: SSL_read() failed:
error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate
unknown: SSL alert number 46

Thx in advance

