# couriertls always reports "unknown ca"

## c00l.wave

Neither self-signed certificates nor a certificate signed by CAcert.org seems to be accepted by courier-imapd-ssl/couriertls. I keep getting:

Jul 22 00:59:58 [imapd] couriertls: accept: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca

Client is a mobile phone but I assume the error occurs on server side. What is wrong?

/etc/courier-imap/imapd-ssl contains:

TLS_TRUSTCERTS=/etc/ssl/certs

TLS_CERTFILE=/etc/ssl/cacert/mypem

pem file was concatenated using cat mykey mycert >mypem

I tried both root certificates, class 1 and class 3 from cacert.org but I get the same error for both.

courier-imap has been upgraded to latest version in portage: net-mail/courier-imap-4.1.2-r1 (~amd64)

Thanks in advance!

----------

## c00l.wave

CAcert.org is unsupported by my mobile phone (maximum 1024 bits, CAcert uses 4096; phone crashes on import). I switched back to the automatically generated certificate /etc/courier-imap/imapd.pem and changed my imapd-ssl to:

TLS_CERTFILE=/etc/courier-imap/imapd.pem

TLS_TRUSTCERTS=/etc/courier-imap/imapd.pem

I thought this may work having extracted the certificate from .pem and imported it into my phone. Again all I get is the same old alert and a connection abort.

I really don't know what to try next. Any ideas?

----------

