search for: showcerts

Displaying 20 results from an estimated 61 matches for "showcerts".

2017 Jan 06
2
Dovecot dsync tcps sends incomplete certificate chain
...but a chained server+intermediate in the server certificate file, then your analysis makes sense and it seems that the intermediate certificate is not being sent by the server. That ties in with the different error messages between imap and replication. It might be interesting to do a test with -showcerts parameter. openssl s_client -showcerts -connect hostname:7557 openssl s_client -showcerts -connect hostname:993 The bundled version of Dovecot on Centos 7 is 2.2.10 but I am not using that version. I am on 2.2.26, where I don't have the problem you see and both services send the server and...
2019 Aug 29
2
I broke "yum update" - C7
On 8/29/19 3:03 AM, Gary Stainburn wrote: > https://us-east.repo.webtatic.com/yum/el7/x86_64/repodata/repomd.xml: [Errno 14] curl#60 - "Peer's Certificate issuer is not recognized." What do you see when you run: openssl s_client -showcerts -connect us-east.repo.webtatic.com:443
2016 Nov 10
2
service doveadm : ssl problems
...hake: Received invalid SSL certificate: unable to get local issuer certificate: /CN=my.domain.com > doveadm(casoli): Fatal: Disconnected from remote: Received invalid SSL certificate: unable to get local issuer certificate: /CN=my.domain.com Which I can reproduce with openssl (openssl s_client -showcerts -CApath /etc/ssl/certs -connect my.domain.com:12345) : > (...) > Verify return code: 21 (unable to verify the first certificate) Indeed, in this case, dovecot only returns the local part of the certificate (my.domain.com), and not the full chain (with the intermediate CA). While testing regu...
2019 Jul 18
1
Dovecot 2.3.0 TLS
...my iOS mail client (12.2) Thunderbird just work fine. Here is my configuration: Debian Buster (amd64) Dovecot: 2.3.4.1 Postfix : 3.4.5 OpenSSL: 1.1.1c Dovecot configuration file: ssl_min_protocol = TLSv1.2 (I tried different version) When I tried to connect with command line: openssl s_client -showcerts -connect server:993 No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: RSA-PSS Server Temp Key: X25519, 253 bits --- SSL handshake has read 2322 bytes and written 392 bytes Verification error: unable to verify the first certificate --- New, TLSv1.3, Cipher is TLS_...
2015 Jul 27
2
LMPT SSL
...tificate, postfix shows, 2015-07-27T12:51:15.025333+02:00 k30 postfix/lmtp[4572]: Untrusted TLS connection established to 192.168.67.30[192.168.67.30]:24: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits) I checked certs by openssl s_client: #openssl s_client -connect localhost:24 -showcerts -starttls smtp -CApath /etc/ssl/certs/ And I get didn't found starttls in server response, try anyway... depth=0 OU = GT46258006, OU = See www.rapidssl.com/resources/cps (c)15, OU = Domain Control Validated - RapidSSL(R), CN = mail.active24.pl verify error:num=20:unable to get local issuer...
2018 Jul 20
2
dovecot sometimes sends non-default SSL cert if IMAP client won't send SNI
...fflineIMAP complains? 'CA Cert verifying failed: no matching domain name found in certificate' So at least offlineIMAP 7.0.12 from Debian stretch won't send SNI, there is a newer version upstream though. I myself checked the server's behaviour with openssl: $ openssl s_client -showcerts -connect IP-address:993 and $ openssl s_client -showcerts -connect IP-address:993 -servername imap.domain I'm totally clueless about how come. Best regards Martin Johannes Dauser # 2.2.10: /etc/dovecot/dovecot.conf # OS: Linux 3.10.0-862.el7.x86_64 x86_64 Red Hat Enterprise Linux Serve...
2015 Apr 17
1
LDAPS on DC
...dows) I cannot connect. > > Failed tests: > > *ldapsearch -I -H ldaps://dc* > > ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1) > > additional info: (unknown error code) Does the OpenSSL test connect, and if so with what result? openssl s_client -showcerts -connect DC.EXAMPLE.COM:636 -- Adam Tauno Williams <mailto:awilliam at whitemice.org> GPG D95ED383 Systems Administrator, Python Developer, LPI / NCLA
2014 Nov 04
2
Samba 4 - disabling SSLv3 to mitigate POODLE effects
...to disable SSLv3 protocol in smb.conf on Samba4. I am using the following: tls enabled = yes tls keyfile = tls/myKey.pem tls certfile = tls/myCert.pem tls cafile = With a self-signed cert. But when I remote connect from another host using: openssl s_client -showcerts -connect samba4-dc:636 -ssl3 I get a successful connection. Any ideas? Thanks, Chris. -- ACS (Alavoine Computer Services Ltd) Chris Alavoine mob +44 (0)7724 710 730 www.alavoinecs.co.uk http://twitter.com/#!/alavoinecs http://www.linkedin.com/pub/chris-alavoine/39/606/192
2016 May 11
2
Change Password after expired
...sysvol > read only = No > > On the LAMP server with LTB Self Service Password and other web apps i > configure the ldap.conf with > TLS_CACERT /etc/ssl/ca_chrono-dom.lan.pem > TLS_REQCERT never > and the read mode bit for other > > With openssl s_client -showcerts -connect dmz-pve-srv9.chrono-dom.lan:636 > or openssl s_client -CAfile <path to the self signed CA> -showcerts > -connect dmz-pve-srv9.chrono-dom.lan:636 > returns Verify return code: 18 (self signed certificate) but i don't > think that can be a problem. > > I apprecia...
2010 Nov 17
2
domU networking problem
...domUs, one of them is a fli4l router, the others are eisfair domUs (fileserver, webserver and mailserver). All of the domUs are connected via vif network interface with a bridge in dom0. There is a problem invoking following command in every domU: openssl s_client -connect pop.googlemail.com:995 -showcerts After some minutes the command stops with an ssl handshake error. In a tcpdump I can see, that after SSLv2 Client Hello only TCP retransmissions are sent by the domU. There is no answer from the server. The TCP handshake with the server is ok, the TCP finish too. If I call the same command in dom...
2010 Nov 25
1
can't use godaddy SSL cert
...----- 1 root ldap 4604 Nov 24 18:57 gd_bundle.crt -r--r----- 1 root ldap 1537 Nov 25 02:00 sf_issuing.crt and I get the same result for each when I attempt to connect to SSL on the LDAP server: [root at LCENT01:/tmp/Foswiki-1.1.2]#openssl s_client -connect ldap.example.com:389 -showcerts -CAfile sf_issuing.crt 13730:error:02001002:system library:fopen:No such file or directory:bss_file.c:122:fopen('sf_issuing.crt','r') 13730:error:2006D080:BIO routines:BIO_new_file:no such file:bss_file.c:125: 13730:error:0B084002:x509 certificate routines:X509_load_cert_crl_file:sy...
2018 Jul 24
1
dovecot sometimes sends non-default SSL cert if IMAP client won't send SNI
...:smtp.cs.sbg.ac.at, DNS:imap.cs.sbg.ac.at, DNS:pop.cs.sbg.ac.at X509v3 Subject Alternative Name: DNS:mail.cs.sbg.ac.at, DNS:mail.cosy.sbg.ac.at, DNS:smtp.cosy.sbg.ac.at, DNS:imap.cosy.sbg.ac.at, DNS:pop.cosy.sbg.ac.at I thought of attaching a file with 13 outputs of command $ openssl s_client -showcerts -connect 141.201.4.5:993 but this would certainly exceed the limit of 40kb. Anyway, except for the SSL handshake the outputs exactly meet the two examples a few lines below. Statistics: Only connections 10,11,13 showed the default certificate. So running only a few connections might end up with 10...
2016 May 10
3
Change Password after expired
In some customer yes, but they are with LTSP (pxe boot) where another use graphical interface, but would rather have a web interface to change the password. This would also be used for windows stations off the field. On 10-05-2016 16:05, Rowland penny wrote: > Not even on the clients ??
2018 Aug 29
3
SNI Dovecot
Hi all, I'm testing the SNI configuration from dovecot's wiki page, to have multiple domains. I'm using letsencrypt certificates. On the 10-ssl.conf, when I only use one domain, like this, it works : ssl_ca = </etc/letsencrypt/live/mail.mydomain.fr/chain.pem ssl_cert = </etc/letsencrypt/live/mail.mydomain.fr/cert.pem ssl_key =
2018 Jul 20
4
autogenerated self-signed certificate problem
...= yes tls keyfile = tls/key.pem tls certfile = tls/cert.pem without cafile when i try to verify with: openssl verify /usr/local/samba/private/tls/myCert.pem it said me unable to verify the first certificate and if add -CApath works! and finally when i try from another dc with openssl s_client -showcerts -connect dc1.samdom.example.com:636 it said me unable to verify the first certificate. i need add cafile in smb? what is wrong?
2016 May 11
1
Change Password after expired
...On the LAMP server with LTB Self Service Password and other web apps i >>> configure the ldap.conf with >>> TLS_CACERT /etc/ssl/ca_chrono-dom.lan.pem >>> TLS_REQCERT never >>> and the read mode bit for other >>> >>> With openssl s_client -showcerts -connect >>> dmz-pve-srv9.chrono-dom.lan:636 >>> or openssl s_client -CAfile <path to the self signed CA> -showcerts >>> -connect dmz-pve-srv9.chrono-dom.lan:636 >>> returns Verify return code: 18 (self signed certificate) but i don't >>> thin...
2015 Jul 27
0
LMPT SSL
...; 2015-07-27T12:51:15.025333+02:00 k30 postfix/lmtp[4572]: Untrusted TLS > connection established to 192.168.67.30[192.168.67.30]:24: TLSv1.2 with > cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits) > > I checked certs by openssl s_client: > #openssl s_client -connect localhost:24 -showcerts -starttls smtp -CApath > /etc/ssl/certs/ > > And I get > > didn't found starttls in server response, try anyway... > depth=0 OU = GT46258006, OU = See www.rapidssl.com/resources/cps (c)15, OU = > Domain Control Validated - RapidSSL(R), CN = mail.active24.pl > verify e...
2018 Aug 31
0
SNI Dovecot
...lity of my certs is, that both share the same Common Name (CN) but differ in Subject Alternative Names (SAN). Once your config works, you can check by initialising several connections (I tried 30 times) without SNI using openssl. First command is without SNI, second is with SNI. $ openssl s_client -showcerts -connect IP-address:993 $ openssl s_client -showcerts -connect IP-address:993 -servername server.domain This is my bugreport on this list. https://dovecot.org/pipermail/dovecot/2018-July/112368.html Best regards Martin Johannes Dauser On Wed, 2018-08-29 at 14:41 +0000, Nicolas wrote: > Hi all...
2016 Nov 10
0
service doveadm : ssl problems
...invalid SSL certificate: unable to get local issuer certificate: /CN=my.domain.com >> doveadm(casoli): Fatal: Disconnected from remote: Received invalid SSL certificate: unable to get local issuer certificate: /CN=my.domain.com > > Which I can reproduce with openssl (openssl s_client -showcerts -CApath /etc/ssl/certs -connect my.domain.com:12345) : >> (...) >> Verify return code: 21 (unable to verify the first certificate) > Indeed, in this case, dovecot only returns the local part of the certificate (my.domain.com), and not the full chain (with the intermediate CA). >...
2005 Feb 21
1
Dovecot SSL-Certificate
...e created a root-Certificate with almost untouched openssl.cnf and issued a server-certificate for dovecot. This cert and its key I placed in somewhat like /var/dovecot. To state explicitly, away from its superior root-cert. So, a: openssl s_client -connect server.tektoform.lan:993 -showcerts ends up in: unable to get local issuer certificate. Although connections from clients are working, I prefer to set it up cleanly. Does openssl-clientlib look up for openssl.cnf, where the place of root-CA-cert is denoted, or do I have to put all cert together in a single directory, or, or, o...