On Wed, Mar 22, 2023 at 04:28:36PM +0100, Benny Pedersen via Postfix-users
wrote:
> >> mx ~ # posttls-finger sdaoden.eu
> >> posttls-finger: Connected to sdaoden.eu[217.144.132.164]:25
> >> posttls-finger: < 220 sdaoden.eu ESMTP Postfix
> >
> > I can't even get the connection. I can't even ping sdaoden.eu from my
> > server.
>
> I belive its a firewall problem then, at sdaoden.eu, and the cert fails
No, you just didn't attempt to verify it relative to the system's WebPKI
certificate store.
$ posttls-finger -F /etc/ssl/cert.pem -lsecure -c sdaoden.eu
posttls-finger: sdaoden.eu[217.144.132.164]:25: matched peername: sdaoden.eu
posttls-finger: sdaoden.eu[217.144.132.164]:25: subject_CN=sdaoden.eu,
issuer=R3,
cert fingerprint=[...],
pkey fingerprint=[...]
posttls-finger: Verified TLS connection established
to sdaoden.eu[217.144.132.164]:25: TLSv1.3 with
cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
key-exchange X25519
server-signature RSA-PSS (4096 bits)
server-digest SHA256
--
Viktor.
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
