On 11.10.22 17:46, Paul Kudla (SCOM.CA Internet Services Inc.) wrote:
ok according to
https://www.openssl.org/docs/man1.0.2/man5/x509v3_config.html
SAN is not a valid option along with CN
... I don't see that being said in the page you refer to?
Anyhow, "stop giving a CN, use SANs instead" is
ok according to
https://www.openssl.org/docs/man1.0.2/man5/x509v3_config.html
SAN is not a valid option along with CN
CN is part of the subject ??
Upoin further testing thunderbird seems to be locking onto the primary
domain (*.scom.ca) of the server skipp any sni setup ??
again thoughts
ok it appears that all this revolves around openssl
does anyone have explicit instructions on how to generate a proper ssl
key, csr etc file
with the proper SAN & CN etc
i tried
# openssl req -new -nodes -newkey rsa:2048 -config ./openssl.cnf
-reqexts req_ext -keyout mail.paulkudla.net.key
Good morning to all
i guess things have changed yet again
to keep this simple :
i buy a certificate (example) : mail.paulkudla.net
i generated the key / csr as per normal using
data = '/usr/local/bin/openssl req -new -key /tmp/temp.key -out
/tmp/temp.csr -subj "/C=%s/ST=%s/L=%s/O=%s/CN=%s"
On Sun, 18 Sept 2022 at 18:34, Jaroslaw Rafa wrote:
>
> Dnia 18.09.2022 o godz. 10:09:34 Stuart Henderson pisze:
> >
> > The CA/Browser Forum baseline requirements say that certificates must
> > include subjectAlternativeName. This doesn't strictly apply to non-browser
> > applications but it does
On Sun, 18 Sept 2022 at 12:53, Goetz Schultz
wrote:
>
>
> On 18/09/2022 11:09, Stuart Henderson wrote:
> > On 2022-09-14, Goetz Schultz wrote:
> >> I had the same issue on TB102. Self-Signed certificates rejected despite
> >> having the CA installed correctly as authority. Turns out out that that
Le 18/09/2022 à 18:33, Jaroslaw Rafa a écrit :
...
For example if the server is example.com, but it also can be accessed as
www.example.com (and both names have A records resolving to the same IP
adddress), I put example.com into CN and www.example.com into SAN.
From what you have written above
Dnia 18.09.2022 o godz. 10:09:34 Stuart Henderson pisze:
>
> The CA/Browser Forum baseline requirements say that certificates must
> include subjectAlternativeName. This doesn't strictly apply to non-browser
> applications but it does mean that all CA-issued certs can be relied upon
> to have SAN.
On 18/09/2022 11:09, Stuart Henderson wrote:
On 2022-09-14, Goetz Schultz wrote:
I had the same issue on TB102. Self-Signed certificates rejected despite
having the CA installed correctly as authority. Turns out out that that
TB now wants extension "Subject Alt Names". Added that and all work
On 2022-09-14, Goetz Schultz wrote:
> I had the same issue on TB102. Self-Signed certificates rejected despite
> having the CA installed correctly as authority. Turns out out that that
> TB now wants extension "Subject Alt Names". Added that and all works
> now. Seems another Google pressed iss
Hello,
I switched from self-created SSL certificates to SSL certificates from
Let's Encrypt. For that I configured
ssl_cert =
cert had an invalid/incorrect hostname
fyi,
https://kb.mozillazine.org/Files_and_folders_in_the_profile_-_Thunderbird
...
cert_override.txt
This is an optional file used to store a security
exception. It appears to store the hos
Hi,
I had the same issue on TB102. Self-Signed certificates rejected despite
having the CA installed correctly as authority. Turns out out that that
TB now wants extension "Subject Alt Names". Added that and all works
now. Seems another Google pressed issue being introduced (my Chromium
had s
I just ran into something similar with the latest version of TB.
I updated our SSL cert for Dovecot but TB could not access my email over
port 993.
I clicked on file then get new messages for all accounts. TB popped up a
warning that the cert had an invalid/incorrect hostname and if I should
al
Hello.
Am 14.09.2022 um 13:59 schrieb Christian Mack:
Sound to me, as if Thunderbird does not know the CA used to (self) sign
that server certificate.
Following the documentation at
https://community.letsencrypt.org/t/simple-guide-using-lets-encrypt-ssl-certs-with-dovecot/2921
I configured
Hello
Sound to me, as if Thunderbird does not know the CA used to (self) sign
that server certificate.
As it does not know and trust that server certifikate for sending email,
it disconnects with that generic error.
Thunderbird has its own trusted CA store, therefore not using the one
from the OS
Am 14.09.22 um 13:14 schrieb Meikel:
Hi folks,
on a Rocky Linux 8.6 based home server I run Dovecot with an account
that I use as an archive. Archive means, that from different
Thunderbird instances I connect to that Dovecot via IMAPS to move
emails there, that I want to keep. Since some days f
Hi folks,
on a Rocky Linux 8.6 based home server I run Dovecot with an account
that I use as an archive. Archive means, that from different Thunderbird
instances I connect to that Dovecot via IMAPS to move emails there, that
I want to keep. Since some days from all Thunderbird instances I can
18 matches
Mail list logo
