*openssl s_client -connect (mydomain.com):443 -servername (mydomain.com)*
CONNECTED(00000003)
depth=2 C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO ECC Certification Authority
verify error:num=20:unable to get local issuer certificate
---
Certificate chain
 0 s:/OU=Domain Control Validated/OU=PositiveSSL Multi-Domain/CN=sni74706.cloudflaressl.com
   i:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO ECC Domain Validation Secure Server CA 2
 1 s:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO ECC Domain Validation Secure Server CA 2
   i:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO ECC Certification Authority
 2 s:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO ECC Certification Authority
   i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root

*(removing the begin certificate content) After the END certificate it continues with the following:*

subject=/OU=Domain Control Validated/OU=PositiveSSL Multi-Domain/CN=sni74706.cloudflaressl.com
issuer=/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO ECC Domain Validation Secure Server CA 2
---
No client certificate CA names sent
Peer signing digest: SHA512
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 4141 bytes and written 450 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-ECDSA-AES128-GCM-SHA256
Server public key is 256 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-ECDSA-AES128-GCM-SHA256
    Session-ID: 4284FEE486BBCDE1F754F8012FBFF519865D501EE7FFC8BEE7817A80F4FD0CD9
    Session-ID-ctx:
    Master-Key: 03DC32DD1440B7D95E9AC427859660DC6F0F34C507A4C9EA10B67AE479E4FECC5C3C07478671E937BD50642E4CE3457D
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 64800 (seconds)
    TLS session ticket:
    Start Time: 1490781136
    Timeout   : 300 (sec)
    Verify return code: 20 (unable to get local issuer certificate)
---
closed

----------------

I've been playing with OpenSSL to try and locate the issue, and I think it has something to do with my certificate. I noticed the certificate was updated on the date this all went downhill, too. Do you think this is a possibility?

--
View this message in context: http://postfix.1071664.n5.nabble.com/Postfix-cannot-start-tls-handshake-failure-tp89684p89726.html
Sent from the Postfix Users mailing list archive at Nabble.com.
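
An added example, not part of the original post: a small Python parser that reads the `Certificate chain` and `verify error` lines of `s_client` output like the above and names the issuer that verification could not find locally. The function names `cn` and `diagnose`, the shortened DNs in the constructed sample, and the mapping of verify depth to chain index are assumptions.

```python
import re

# Constructed sample: verify and chain lines modelled on the s_client output
# above, with some DN components shortened.
C = "/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO ECC "
SAMPLE = f"""CONNECTED(00000003)
depth=2 C = GB, O = COMODO CA Limited, CN = COMODO ECC Certification Authority
verify error:num=20:unable to get local issuer certificate
---
Certificate chain
 0 s:/OU=Domain Control Validated/CN=sni74706.cloudflaressl.com
   i:{C}Domain Validation Secure Server CA 2
 1 s:{C}Domain Validation Secure Server CA 2
   i:{C}Certification Authority
 2 s:{C}Certification Authority
   i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
---
    Verify return code: 20 (unable to get local issuer certificate)
"""

CHAIN_RE = re.compile(r"^[ \t]*(\d+) s:(.+)\n[ \t]*i:(.+)$", re.M)
ERROR_RE = re.compile(r"^depth=(\d+) .*\nverify error:num=(\d+):", re.M)
CODE_RE = re.compile(r"Verify return code: (\d+)")

def cn(dn):
    """Return the CN of a slash-separated DN as printed by s_client."""
    m = re.search(r"/CN=([^/]+)", dn)
    return m.group(1).strip() if m else dn.strip()

def diagnose(output):
    """Summarise chain order and the issuer that verification could not find."""
    chain = [(s.strip(), i.strip()) for _, s, i in CHAIN_RE.findall(output)]
    errors = [(int(d), int(n)) for d, n in ERROR_RE.findall(output)]
    code = CODE_RE.search(output)
    # In a well-ordered chain each certificate's issuer is the next subject.
    linked = all(chain[k][1] == chain[k + 1][0] for k in range(len(chain) - 1))
    result = {"chain": [cn(s) for s, _ in chain], "chain_linked": linked,
              "return_code": int(code.group(1)) if code else None,
              "failing_subject": None, "missing_issuer": None}
    # Assumption: verify depth d refers to entry d of the chain the server sent.
    for depth, num in errors:
        if num == 20 and depth < len(chain):  # issuer not found locally
            result["failing_subject"] = cn(chain[depth][0])
            result["missing_issuer"] = cn(chain[depth][1])
    return result

if __name__ == "__main__":
    print(diagnose(SAMPLE))
```

A linked chain together with a reported missing issuer means the certificates the server sent are in order and the lookup failed for a certificate outside the sent chain, on the verifying side.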