Thanks for the detailed explanation Victor.
I really appreciate both your confirming my submission cert is now
correctly configured, and for taking the time to 'teach me to fish'
rather than just giving me one... ;)
I believe that if I study this reply, and maybe go back and re-read the
post
On Sat, Apr 19, 2014 at 07:06:31AM -0400, Charles Marcus wrote:
> I hate to keep imposing on you, but since I don't have the postfinger tool,
Your submission service configuration is now correct. In each pair
of lines the "issuer" is the name of the certification authority
that signed the certif
Am 19.04.2014 12:59, schrieb Charles Marcus:
> On 4/18/2014 6:52 PM, li...@rhsoft.net wrote:
>> cat whatever-filename.crt your-private.key intermediate-a.crt > your.pem
>>
>> you are done, use that for *whatever* sevrer-software (httpd, postfix, ATS,
>> dovecot)
>> as key and or certificate
On 4/19/2014 6:32 AM, Charles Marcus wrote:
Would you mind a quick check of both our smtp. and mail. (I'm guessing
that I would need to do the same thing for dovecot's cert too)?
Hi Victor,
I hate to keep imposing on you, but since I don't have the postfinger
tool, and have a hard time inter
On 4/18/2014 6:52 PM, li...@rhsoft.net wrote:
cat whatever-filename.crt your-private.key intermediate-a.crt > your.pem
you are done, use that for*whatever* sevrer-software (httpd, postfix, ATS,
dovecot)
as key and or certificate file
Apparently not, if the certs you get are from RapidSS
Am 19.04.2014 12:46, schrieb Charles Marcus:
> On 4/19/2014 6:32 AM, Charles Marcus wrote:
>> Thanks again Victor, without the support on this list many of us wanna-be
>> admins would be in way over our heads...
>
> One other question...
>
> Would I be correct that the following error I'm now
On 4/19/2014 6:32 AM, Charles Marcus wrote:
Thanks again Victor, without the support on this list many of us
wanna-be admins would be in way over our heads...
One other question...
Would I be correct that the following error I'm now seeing since
changing the certs could be caused by some peo
On 4/18/2014 5:14 PM, Viktor Dukhovni wrote:
Though many/most client implementations may not mind, the certificate
chain is not quite in the right order:
$ posttls-finger -cC -Lsummary smtp.media-brokers.com:587 |
openssl crl2pkcs7 -nocrl -certfile /dev/stdin |
openssl
Am 18.04.2014 21:22, schrieb Charles Marcus:
> Ok, if you are willing, could you check me?
>
>> X.509 certificates come in a few data formats:
>>
>> - Binary ASN.1 DER format containing a single certificate.
>>Not directly usable by Postfix.
>>
>> - ASCII PEM format certificate
On Fri, Apr 18, 2014 at 05:00:22PM -0400, Charles Marcus wrote:
> > smtpd_tls_cert_file = ${config_directory}/smtpd-chain.pdf
> > smtpd_tls_key_file = ${config_directory}/smtpd-key.doc
> >
> >[ You'll probably pick less ridiculous file extensions, but they only
> > enlighten or confuse t
On 4/18/2014 3:50 PM, Viktor Dukhovni wrote:
In the sample command, "server_cert.pem" is a plausible name for
a file that holds just the leaf server certificate. While
"intermediate_CA.pem" is a plausible name for a file that hold one
or more intermediate CA issuer certificates (in the right or
On Fri, Apr 18, 2014 at 03:22:25PM -0400, Charles Marcus wrote:
> >>Thanks again, Victor, but again, that is all over my head.
I suspect more lack of confidence than lack of ability. Be more
daring, take a guess, it'll probably be right.
> > - ASCII PEM format certificate which is the base6
On 4/18/2014 3:06 PM, Viktor Dukhovni wrote:
On Fri, Apr 18, 2014 at 02:35:45PM -0400, Charles Marcus wrote:
No. The correct approach is at:
http://www.postfix.org/TLS_README.html#server_cert_key
With legacy public CA trust verification, you can omit the root
certificate from
On Fri, Apr 18, 2014 at 02:35:45PM -0400, Charles Marcus wrote:
> I don't even know the difference between a .pem and .crt, and definitaly
> don't have a clue when iti comes to chainming certs or anything.
Those are just file names. File extensions having meaning is a CP/M and
Windows concept.
Thanks for the response Victor...
On 4/18/2014 2:20 PM, Viktor Dukhovni wrote:
On Fri, Apr 18, 2014 at 02:06:20PM -0400, Charles Marcus wrote:
Ok, been wanting to do this for a while, and I after the Heartbleed fiasco,
the boss finally agreed to let me buy some real certs...
Until now, we've
On Fri, Apr 18, 2014 at 02:06:20PM -0400, Charles Marcus wrote:
> Ok, been wanting to do this for a while, and I after the Heartbleed fiasco,
> the boss finally agreed to let me buy some real certs...
>
> Until now, we've been using self-signed certs with the following postfix
> settings:
>
> sm
Hi all,
Ok, been wanting to do this for a while, and I after the Heartbleed
fiasco, the boss finally agreed to let me buy some real certs...
Until now, we've been using self-signed certs with the following postfix
settings:
smtpd_tls_cert_file = /etc/ssl/ourCerts/smtp_crt.pem
smtpd_tls_key_
17 matches
Mail list logo