On Dec 29, 2008, at 2:31 PM, Geoff Sweet wrote:
So my conf looks similar to yours:
# Disable SSL/TLS support.
#ssl_disable = no
ssl_cert_file = /etc/pki/dovecot/certs/pop.x10.com.cer
ssl_key_file = /etc/pki/dovecot/private/pop.x10.com.key
# If key file is password protected, give the passwo
Ok, how about from a little different approach. How do I get debugging
out of this thing?
I followed this:
http://wiki.dovecot.org/Logging
But I certainly don't consider what it produced in the way of output
something I could consider "debug" logging. It never even once logged
anything like di
Egbert Jan van den Bussche wrote:
> Still strange that Verisign is not already in your cert. store. Most
> browsers seem to have Verisign. I'm used to the fact that my CA (Cacert) is
> not included, being a small free CA. I often have to import class3 and root
> cert. which is not a big deal after
unces+egbert=vandenbussche...@dovecot.org
[mailto:dovecot-bounces+egbert=vandenbussche...@dovecot.org] Namens Geoff
Sweet
Verzonden: maandag 29 december 2008 20:31
Aan: Dovecot Mailing List
Onderwerp: Re: [Dovecot] SSL cert problems.
So my conf looks similar to yours:
# Disable SSL/TLS su
So my conf looks similar to yours:
# Disable SSL/TLS support.
#ssl_disable = no
ssl_cert_file = /etc/pki/dovecot/certs/pop.x10.com.cer
ssl_key_file = /etc/pki/dovecot/private/pop.x10.com.key
# If key file is password protected, give the password here.
Alternatively
# give it when starting dovec
-Oorspronkelijk bericht-
Van: dovecot-bounces+egbert=vandenbussche...@dovecot.org
[mailto:dovecot-bounces+egbert=vandenbussche...@dovecot.org] Namens Sahil
Tandon
Verzonden: donderdag 25 december 2008 18:01
Aan: dovecot@dovecot.org
Onderwerp: Re: [Dovecot] SSL cert problems.
Geoff Sweet
Geoff Sweet wrote:
[Please do not top-post]
> Oh, ok once I added the -CAfile change the cert verifies without issue.
That's because you installed the intermediate cert on your client; this
should not be required.
> openssl s_client -ssl3 -CAfile ~/intca.cer -connect pop.x10.com:995
> -quiet
>
Oh, ok once I added the -CAfile change the cert verifies without issue.
openssl s_client -ssl3 -CAfile ~/intca.cer -connect pop.x10.com:995
-quiet
depth=2 /C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification
Authority
verify return:1
depth=1 /C=US/O=VeriSign, Inc./OU=VeriSign Trust Netwo
Geoff Sweet wrote:
> Ok so I downloaded the intermediate ca cert thing onto my local machine
> as intca.cer. Then I ran this command:
>
> :~$ openssl s_client -ssl3 -CApath ./intca.cer -connect pop.x10.com:995
You're pointing to a *file* so you need -CAfile; not -CApath. But even
after making
Ok so I downloaded the intermediate ca cert thing onto my local machine
as intca.cer. Then I ran this command:
:~$ openssl s_client -ssl3 -CApath ./intca.cer -connect pop.x10.com:995
CONNECTED(0003)
depth=0 /C=US/ST=Washington/L=Renton/O=X10 Wireless Technology,
Inc./OU=Information Technology
Geoff Sweet wrote:
> and last but not least, here is my test from openssl. Mind you this
> fails as a "BAD" ssl cert in Evolution.
>
> :~$ openssl s_client -ssl2 -connect pop.x10.com:995
Try -ssl3 here; you'll see more.
> CONNECTED(0003)
> depth=0 /C=US/ST=Washington/L=Renton/O=X10 Wirel
I'm really racking my brain trying to figure this one out here. I am
running a pop3 server for remote offices on CentOS 5.2. We purchased a
SSL cert from Verisign and installed it on our dovecot server, but I
continue to get failure problems with the cert and I don't know where to
go from here.
h
12 matches
Mail list logo
