Hi,
I am having an issue getting postfix working for me. If this is not the appropriate group to raise such questions, please let me know the group that is more relevant to the question below. Thanks.
I am in the process of setting up a postfix -> dovecot -> squirrelmail infrastructure on Fedora 23. IMAP and SMTP are working fine; however, I am having trouble enabling SMTPS for postfix. When I try to send out something via squirrelmail, the following error is listed in /var/log/maillog:
May 15 22:17:41 localhost postfix/smtps/smtpd[5188]: 0000 02 30 .0
May 15 22:17:41 localhost postfix/smtps/smtpd[5188]: SSL3 alert read:fatal:unknown CA
May 15 22:17:41 localhost postfix/smtps/smtpd[5188]: SSL_accept:failed in SSLv3 read client key exchange A
May 15 22:17:41 localhost postfix/smtps/smtpd[5188]: SSL_accept error from myhost.mydomain[192.168.0.5]: 0
May 15 22:17:41 localhost postfix/smtps/smtpd[5188]: warning: TLS library problem: error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca:s3_pkt.c:1472:SSL alert number 48:
May 15 22:17:41 localhost postfix/smtps/smtpd[5188]: lost connection after CONNECT from myhost.mydomain[192.168.0.5]
What am I missing? The following is the excerpt from main.cf (for postfix):
smtp_tls_cert_file = /etc/postfix/pki/certs/hal.crt
smtp_tls_key_file = /etc/postfix/pki/private/hal-shhh.key
smtp_tls_CAfile = /etc/postfix/pki/certs/CAhalcert.pem
smtp_tls_loglevel = 3
smtp_tls_security_level = may
smtp_use_tls = yes
smtpd_sasl_type = dovecot
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname
smtpd_tls_eecdh_grade = strong
smtpd_tls_cert_file = /etc/postfix/pki/certs/hal.crt
smtpd_tls_key_file = /etc/postfix/pki/private/hal-shhh.key
smtpd_tls_CAfile = /etc/postfix/pki/certs/CAhalcert.pem
smtpd_tls_CApath = /etc/postfix/pki/certs
smtpd_tls_loglevel = 3
smtpd_tls_mandatory_ciphers = high
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_use_tls = yes
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated,reject_unauth_destination
tls_preempt_cipherlist = yes
The following is the excerpt from master.cf (for postfix):
smtps inet n - n - - smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_reject_unlisted_recipient=no
  -o smtpd_client_restrictions=$mua_client_restrictions
  -o smtpd_helo_restrictions=$mua_helo_restrictions
  -o smtpd_sender_restrictions=$mua_sender_restrictions
  -o smtpd_recipient_restrictions=
  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING
The following is the excerpt from 10-ssl.conf (for dovecot):
ssl_cert = </etc/pki/dovecot/certs/hal.crt
ssl_key = </etc/pki/dovecot/private/hal-shhh.key
ssl_client_ca_file = </etc/pki/dovecot/certs/CAhalcert.pem
The certificates and keys are in PEM format.
I have searched Google to see if any similar scenarios would shed light on where the issue was coming from, but to no avail. Does anyone have any ideas? Thanks.
Hal.
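
An added example, not part of the original post: a small Python triage of the log lines above. In Postfix's TLS logging, `alert read` marks an alert received from the peer and `alert write` one sent by Postfix, so the `unknown CA` alert here came from the connecting client. The error-code decoding assumes the pre-3.0 OpenSSL error layout (the `s3_pkt.c` reference points to such a version), and the function names are hypothetical.

```python
import re

# TLS alert descriptions tied to certificate trust (RFC 5246, section 7.2).
CERT_ALERTS = {42: "bad_certificate", 45: "certificate_expired",
               46: "certificate_unknown", 48: "unknown_ca"}

# Postfix logs OpenSSL's info callback as "SSL3 alert <read|write>:<level>:<text>".
ALERT_RE = re.compile(r"(postfix/\S+?)\[(\d+)\]: SSL3 alert (read|write):(\w+):(.+)$")
# OpenSSL error queue entry as logged by Postfix, e.g. error:14094418:...
ERR_RE = re.compile(r"\[(\d+)\]: warning: TLS library problem: error:([0-9A-Fa-f]{8}):")


def alert_from_error_code(hex_code):
    """Decode a pre-3.0 OpenSSL error code; received alerts use reason 1000 + alert number."""
    reason = int(hex_code, 16) & 0xFFF  # low 12 bits hold the reason code
    return reason - 1000 if reason > 1000 else None


def triage(lines):
    """Return one finding per smtpd process (keyed by pid) that logged a TLS alert."""
    findings = {}
    for line in lines:
        m = ALERT_RE.search(line)
        if m:
            service, pid, direction, level, text = m.groups()
            findings[pid] = {
                "service": service, "level": level, "text": text.strip(),
                # "read": the peer sent the alert; "write": this Postfix sent it.
                "rejected_by": "peer" if direction == "read" else "local",
                "alert": None,
            }
            continue
        m = ERR_RE.search(line)
        if m and m.group(1) in findings:
            number = alert_from_error_code(m.group(2))
            findings[m.group(1)]["alert"] = CERT_ALERTS.get(number, number)
    return findings


# Log lines taken from the post above.
SAMPLE = [
    "May 15 22:17:41 localhost postfix/smtps/smtpd[5188]: SSL3 alert read:fatal:unknown CA",
    "May 15 22:17:41 localhost postfix/smtps/smtpd[5188]: warning: TLS library problem: "
    "error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca:s3_pkt.c:1472:SSL alert number 48:",
]

if __name__ == "__main__":
    for pid, finding in triage(SAMPLE).items():
        print(pid, finding)
```

A `rejected_by` value of `peer` with alert `unknown_ca` means the side to check is the client's trust store: it needs the CA that issued the certificate named in `smtpd_tls_cert_file`.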