Displaying 20 results from an estimated 61 matches for "showcerts".
2017 Jan 06
2
Dovecot dsync tcps sends incomplete certificate chain
...but a chained server+intermediate in the server
certificate file, then your analysis makes sense and it seems that the
intermediate certificate is not being sent by the server. That ties in
with the different error messages between imap and replication.
It might be interesting to do a test with -showcerts parameter.
openssl s_client -showcerts -connect hostname:7557
openssl s_client -showcerts -connect hostname:993
The bundled version of
Dovecot on Centos 7 is 2.2.10 but I am not using that version. I am on
2.2.26, where I don't have the problem you see and both services send
the server and...
2019 Aug 29
2
I broke "yum update" - C7
On 8/29/19 3:03 AM, Gary Stainburn wrote:
> https://us-east.repo.webtatic.com/yum/el7/x86_64/repodata/repomd.xml: [Errno 14] curl#60 - "Peer's Certificate issuer is not recognized."
What do you see when you run:
    openssl s_client -showcerts -connect us-east.repo.webtatic.com:443
2016 Nov 10
2
service doveadm : ssl problems
...hake: Received invalid SSL certificate: unable to get local issuer certificate: /CN=my.domain.com
> doveadm(casoli): Fatal: Disconnected from remote: Received invalid SSL certificate: unable to get local issuer certificate: /CN=my.domain.com
Which I can reproduce with openssl (openssl s_client -showcerts -CApath /etc/ssl/certs -connect my.domain.com:12345) :
> (...)
> Verify return code: 21 (unable to verify the first certificate)
Indeed, in this case, dovecot only returns the local part of the certificate (my.domain.com), and not the full chain (with the intermediate CA).
While testing regu...
2019 Jul 18
1
Dovecot 2.3.0 TLS
...my iOS mail client (12.2)
Thunderbird just work fine.
Here is my configuration:
Debian Buster (amd64)
Dovecot: 2.3.4.1
Postfix : 3.4.5
OpenSSL: 1.1.1c
Dovecot configuration file:
ssl_min_protocol = TLSv1.2 (I tried different version)
When I tried to connect with command line: openssl s_client -showcerts -connect server:993
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 2322 bytes and written 392 bytes
Verification error: unable to verify the first certificate
---
New, TLSv1.3, Cipher is TLS_...
2015 Jul 27
2
LMPT SSL
...tificate, postfix shows,
2015-07-27T12:51:15.025333+02:00 k30 postfix/lmtp[4572]: Untrusted TLS
connection established to 192.168.67.30[192.168.67.30]:24: TLSv1.2 with
cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
I checked certs by openssl s_client:
#openssl s_client -connect localhost:24 -showcerts -starttls smtp
-CApath /etc/ssl/certs/
And I get
didn't found starttls in server response, try anyway...
depth=0 OU = GT46258006, OU = See www.rapidssl.com/resources/cps (c)15,
OU = Domain Control Validated - RapidSSL(R), CN = mail.active24.pl
verify error:num=20:unable to get local issuer...
2018 Jul 20
2
dovecot sometimes sends non-default SSL cert if IMAP client won't send SNI
...fflineIMAP complains?
'CA Cert verifying failed:
  no matching domain name found in certificate'
So at least offlineIMAP 7.0.12 from Debian stretch won't send SNI,
there is a newer version upstream though.
I myself checked the server's behaviour with openssl:
$ openssl s_client -showcerts -connect IP-address:993
and
$ openssl s_client -showcerts -connect IP-address:993 -servername imap.domain
I'm totally clueless about how come.
Best regards
Martin Johannes Dauser
# 2.2.10: /etc/dovecot/dovecot.conf
# OS: Linux 3.10.0-862.el7.x86_64 x86_64 Red Hat Enterprise Linux
Serve...
2015 Apr 17
1
LDAPS on DC
...dows) I cannot connect.
> > Failed tests:
> > *ldapsearch -I -H ldaps://dc*
> > ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1)
> > additional info: (unknown error code)
Does the OpenSSL test connect, and if so with what result?
openssl s_client -showcerts -connect DC.EXAMPLE.COM:636
--
Adam Tauno Williams <mailto:awilliam at whitemice.org> GPG D95ED383
Systems Administrator, Python Developer, LPI / NCLA
2014 Nov 04
2
Samba 4 - disabling SSLv3 to mitigate POODLE effects
...to disable SSLv3 protocol in smb.conf on Samba4.
I am using the following:
tls enabled = yes
tls keyfile = tls/myKey.pem
tls certfile = tls/myCert.pem
tls cafile =
With a self-signed cert.
But when I remote connect from another host using:
openssl s_client -showcerts -connect samba4-dc:636 -ssl3
I get a successful connection.
Any ideas?
Thanks,
Chris.
--
ACS (Alavoine Computer Services Ltd)
Chris Alavoine
mob +44 (0)7724 710 730
www.alavoinecs.co.uk
http://twitter.com/#!/alavoinecs
http://www.linkedin.com/pub/chris-alavoine/39/606/192
2016 May 11
2
Change Password after expired
...sysvol
> read only = No
>
> On the LAMP server with LTB Self Service Password and other web apps i
> configure the ldap.conf with
> TLS_CACERT /etc/ssl/ca_chrono-dom.lan.pem
> TLS_REQCERT never
> and the read mode bit for other
>
> With openssl s_client -showcerts -connect dmz-pve-srv9.chrono-dom.lan:636
> or openssl s_client -CAfile <path to the self signed CA> -showcerts
> -connect dmz-pve-srv9.chrono-dom.lan:636
> returns Verify return code: 18 (self signed certificate) but i don't
> think that can be a problem.
>
> I apprecia...
2010 Nov 17
2
domU networking problem
...domUs, one of them is a fli4l router, the others are
eisfair domUs (fileserver, webserver and mailserver). All of the domUs
are connected via vif network interface with a bridge in dom0.
There is a problem invoking following command in every domU:
openssl s_client -connect pop.googlemail.com:995 -showcerts
After some minutes the command stops with an ssl handshake error. In a
tcpdump I can see, that after SSLv2 Client Hello only TCP
retransmissions are sent by the domU. There is no answer from the
server. The TCP handshake with the server is ok, the TCP finish too.
If I call the same command in dom...
2010 Nov 25
1
can't use godaddy SSL cert
...----- 1 root ldap 4604 Nov 24 18:57 gd_bundle.crt
-r--r----- 1 root ldap 1537 Nov 25 02:00 sf_issuing.crt
and I get the same result for each when I attempt to connect to SSL on
the LDAP server:
[root at LCENT01:/tmp/Foswiki-1.1.2]#openssl s_client -connect
ldap.example.com:389 -showcerts -CAfile sf_issuing.crt
13730:error:02001002:system library:fopen:No such file or
directory:bss_file.c:122:fopen('sf_issuing.crt','r')
13730:error:2006D080:BIO routines:BIO_new_file:no such file:bss_file.c:125:
13730:error:0B084002:x509 certificate
routines:X509_load_cert_crl_file:sy...
2018 Jul 24
1
dovecot sometimes sends non-default SSL cert if IMAP client won't send SNI
...:smtp.cs.sbg.ac.at, DNS:imap.cs.sbg.ac.at,
DNS:pop.cs.sbg.ac.at
X509v3 Subject Alternative Name:
    DNS:mail.cs.sbg.ac.at, DNS:mail.cosy.sbg.ac.at,
DNS:smtp.cosy.sbg.ac.at, DNS:imap.cosy.sbg.ac.at,
DNS:pop.cosy.sbg.ac.at
I thought of attaching a file with 13 outputs of command
$ openssl s_client -showcerts -connect 141.201.4.5:993
but this would certainly exceed the limit of 40kb. Anyway, except for
the SSL handshake the outputs exactly meet the two examples a few lines
below.
Statistics: Only connections 10,11,13 showed the default certificate.
So running only a few connections might end up with 10...
2016 May 10
3
Change Password after expired
In some customer yes, but they are with LTSP (pxe boot) where another
use graphical interface, but would rather have a web interface to change
the password.
This would also be used for Windows stations off the field.
On 10-05-2016 16:05, Rowland penny wrote:
> Not even on the clients ??
2018 Aug 29
3
SNI Dovecot
Hi all,
I'm testing the SNI configuration from dovecot's wiki page, to have multiple domains.
I'm using letsencrypt certificates.
On the 10-ssl.conf, when I only use one domain, like this, it works :
ssl_ca = </etc/letsencrypt/live/mail.mydomain.fr/chain.pem
ssl_cert = </etc/letsencrypt/live/mail.mydomain.fr/cert.pem
ssl_key =
2018 Jul 20
4
autogenerated self-signed certificate problem
...= yes
tls keyfile = tls/key.pem
tls certfile = tls/cert.pem
without cafile
when i try to verify with:
openssl verify /usr/local/samba/private/tls/myCert.pem
it said me unable to verify the first certificate
and if add -CApath works!
and finally when i try from another dc with
openssl s_client -showcerts -connect dc1.samdom.example.com:636
it said me unable to verify the first certificate.
i need add cafile in smb?
what is wrong?
2016 May 11
1
Change Password after expired
...On the LAMP server with LTB Self Service Password and other web apps i
>>> configure the ldap.conf with
>>> TLS_CACERT /etc/ssl/ca_chrono-dom.lan.pem
>>> TLS_REQCERT never
>>> and the read mode bit for other
>>>
>>> With openssl s_client -showcerts -connect
>>> dmz-pve-srv9.chrono-dom.lan:636
>>> or openssl s_client -CAfile <path to the self signed CA> -showcerts
>>> -connect dmz-pve-srv9.chrono-dom.lan:636
>>> returns Verify return code: 18 (self signed certificate) but i don't
>>> thin...
2015 Jul 27
0
LMPT SSL
...; 2015-07-27T12:51:15.025333+02:00 k30 postfix/lmtp[4572]: Untrusted TLS
> connection established to 192.168.67.30[192.168.67.30]:24: TLSv1.2 with
> cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
>
> I checked certs by openssl s_client:
> #openssl s_client -connect localhost:24 -showcerts -starttls smtp -CApath
> /etc/ssl/certs/
>
> And I get
>
> didn't found starttls in server response, try anyway...
> depth=0 OU = GT46258006, OU = See www.rapidssl.com/resources/cps (c)15, OU =
> Domain Control Validated - RapidSSL(R), CN = mail.active24.pl
> verify e...
2018 Aug 31
0
SNI Dovecot
...lity of my certs is, that both share the same
Common Name (CN) but differ in Subject Alternative Names (SAN).
Once your config works, you can check by initialising several
connections (I tried 30 times) without SNI using openssl. First command
is without SNI, second is with SNI.
$ openssl s_client -showcerts -connect IP-address:993
$ openssl s_client -showcerts -connect IP-address:993 -servername server.domain
This is my bugreport on this list. https://dovecot.org/pipermail/dovecot/2018-July/112368.html
Best regards
Martin Johannes Dauser
On Wed, 2018-08-29 at 14:41 +0000, Nicolas wrote:
> Hi all...
2016 Nov 10
0
service doveadm : ssl problems
...invalid SSL certificate: unable to get local issuer certificate: /CN=my.domain.com
>> doveadm(casoli): Fatal: Disconnected from remote: Received invalid SSL certificate: unable to get local issuer certificate: /CN=my.domain.com
>
> Which I can reproduce with openssl (openssl s_client -showcerts -CApath /etc/ssl/certs -connect my.domain.com:12345) :
>> (...)
>> Verify return code: 21 (unable to verify the first certificate)
> Indeed, in this case, dovecot only returns the local part of the certificate (my.domain.com), and not the full chain (with the intermediate CA).
>...
2005 Feb 21
1
Dovecot SSL-Certificate
...e created a
root-Certificate with almost untouched openssl.cnf and issued a
server-certificate for dovecot. This cert and its key I placed in
somewhat like /var/dovecot. To state explicitly, away from its superior
root-cert.
So, a:
openssl s_client -connect server.tektoform.lan:993 -showcerts
ends up in:
unable to get local issuer certificate.
Although connections from clients are working, I prefer to set it up
cleanly. Does openssl-clientlib look up openssl.cnf, where the
place of root-CA-cert is denoted, or do I have to put all cert together
in a single directory, or, or, o...