search for: startcom

Displaying 20 results from an estimated 28 matches for "startcom".

2013 May 18
1
How to configure ssl cert chain in dovecot 10-ssl.conf file
Hi there, Does anyone know how to do this: "Put all the certificates in the ssl_cert file. For example when using a certificate signed by TDC the correct order is: Dovecot's public certificate TDC SSL Server CA TDC Internet Root CA Globalsign Partners CA " I try to set these parameters in the conf.d/10-ssl.conf as below, but it seems doesn't work. ---
2014 Oct 11
0
]UG] Dovecot 2.2.9 SSL client cert verification fails: openssl verify: OK
...dle.pem. openssl verify -CAfile ca-bundle.pem -crl_check_all -policy_check -x509_strict -verbose client-cert.pem returns: client-cert.pem: OK However dovecot reports the following: Oct 11 01:41:17 hostname dovecot: imap-login: Invalid certificate: unable to get local issuer certificate: /C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Certification Authority Oct 11 01:41:17 hostname dovecot: imap-login: Invalid certificate: certificate not trusted: /C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Certification Authority Oct 11 01:41:17 hostname dovecot...
2015 Jan 12
2
Dovecot replication over TCP/SSL, certificate error
...rom directory /etc/ssl/certs: error:02001024:system library:fopen:File name too longdoveadm: Error: Failed to iterate through some users*" this is my config (part): *ssl_cert = </etc/ssl/certs/alpha-servers.pemssl_key = </etc/ssl/private/alpha-servers.keyssl_ca = </etc/ssl/certs/startcom-ca-bundle.pemssl_client_ca_dir = /etc/ssl/certsssl_client_ca_file = </etc/ssl/certs/startcom-ca.pemssl_protocols = !SSLv2 !SSLv3* The file startcom-ba-bundle contains the complete chain. The file startcom-ca contains only the ca certificate. Can anybody help, please? -- with kind regards, Jon...
2014 Sep 25
2
SSL issues when proxying
I'm getting this in the log when proxying IMAP (three "valid certificate" messages, two "Invalid certificate" messages) Why is dovecot (acting as a proxy to another dovecot instance here) not recognizing the StartCom Extended Validation Server CA? . LOGIN ralf.hildebrandt at charite.de mypassword Sep 25 14:13:04 auth-worker(30859): Info: mysql(sql.charite.de): Connected to database mailservice Sep 25 14:13:04 imap-login: Debug: SSL: where=0x10, ret=1: before/connect initialization [127.0.0.1] Sep 25 14:13:04 i...
2015 Nov 12
2
Problems after upgrade from 2.0 to 2.2
...a_warning = storage=95%% quota-warning 95 %u quota_warning2 = storage=80%% quota-warning 80 %u sieve = file:~/sieve;active=~/.dovecot.sieve } postmaster_address = postmaster at my.domain.de protocols = " imap sieve pop3" quota_full_tempfail = yes ssl = required ssl_cert = </etc/ssl/StartCom/test.my.domain.pem ssl_cipher_list = EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA256:EECDH+aRSA+RC4:EDH+aRSA EECDH RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS ssl_key = </etc/ssl/StartCom/test.my.domain.key ssl_prefer_server_ciphers = yes ssl_protocols = !SSLv2 !SSLv3 userdb {...
2015 Jan 12
0
Dovecot replication over TCP/SSL, certificate error
...error:02001024:system library:fopen:File name too longdoveadm: Error: > Failed to iterate through some users*" > > this is my config (part): > > *ssl_cert = </etc/ssl/certs/alpha-servers.pemssl_key = > </etc/ssl/private/alpha-servers.keyssl_ca = > </etc/ssl/certs/startcom-ca-bundle.pemssl_client_ca_dir = > /etc/ssl/certsssl_client_ca_file = > </etc/ssl/certs/startcom-ca.pemssl_protocols = !SSLv2 !SSLv3* > > The file startcom-ba-bundle contains the complete chain. The file > startcom-ca contains only the ca certificate. Can anybody help, please? di...
2012 May 08
2
Thunderbird STARTTLS error
...Whenever I start a session with openssl to STARTTTL (Server: mail.opsys.de) the handshake is successfull. Also I am able to login to my account via 1 login. In Thunderbird port 993 for SSL/TLS works correct, only STARTTLS on port 143 isn't working properly. The cert is Class 1 and signed by StartCom Ltd.. Dovecot.conf (for viewable reasons of this mail pasted): http://pastie.org/private/bmrymyuo16ohzxdahf0nq And here openssl output: http://pastie.org/private/3rpgll2s7hblev9ozpcq8w Note the 'Verify return code: 21 (unable to verify the first certificate)' in the output... Thanks for...
2015 Feb 10
0
Slow replication
...or { > process_min_avail = 1 > unix_listener replicator-doveadm { > group = vmail > mode = 0666 > user = vmail > } > unix_listener replicator { > group = vmail > mode = 0666 > user = vmail > } > } > ssl_ca = </etc/ssl/certs/startcom-bundle.pem > ssl_cert = </etc/ssl/certs/server2.pem > ssl_cipher_list = > EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH:EDH:HIGH:+RSA:+SHA: > MEDIUM:+RC4:RC4:!aNULL:!MD5:!eNULL:!LOW:!EXP:!DSS:!PSK:!SRP > ssl_dh_parameters_length = 2048 > ssl_key = </etc/ssl/private/server2.key...
2016 Jun 15
3
https and self signed
On Jun 15, 2016, at 9:02 AM, Valeri Galtsev <galtsev at kicp.uchicago.edu> wrote: > > I do see WoSign there (though I'd prefer to avoid my US located servers > have certificates signed by authority located in China, hence located sort > of behind "the great firewall of China" - call me superstitious). That?s a perfectly valid concern. The last I heard, modern
2007 Oct 11
2
CentOS 5 LiveCD better than the real one?
Folks, I am terribly puzzled by an issue reported as bug 2381 [http://bugs.centos.org/view.php?id=2381] ? definitely an upstream bug, as it does the same under X/OS 5 and StartCom 5. Simply put: Hibernation fails with horrendous I/O errors after swsusp starts dumping to swap. What bugs me is that hibernating from the CentOS 5 LiveCD *works*!!! (on the same hardware) How could I investigate to see what is the relevant difference between the LiveCD and the installed system,...
2016 Jun 15
0
https and self signed
...certificate detail view to see the chain of trust. I see two levels here: IdenTrust -> TrustID -> Let?s Encrypt. As for starttls.com, that doesn?t exist; you?re probably confusing it with the SMTP STARTTLS protocol extension. What you mean is startssl.com, which is the main public face of StartCom. StartCom is a top-tier CA.
2010 Apr 08
1
ssh-add -s /usr/lib/opensc-pkcs11.so does not work
...X.509 cert label: CAcert WoT User's Root CA ID ID: 7645d913d5***********54816ff02324c23a7ebf4 Public Key Object; RSA 2048 bits label: Public Key ID: 6d0534d04a***********49967a2e33571deec58 Usage: none Certificate Object, type = X.509 cert label: StartCom Free Certificate Member's StartCom Ltd. ID ID: 6d0534d04a***********49967a2e33571deec58 ps aux | grep ssh-agent jmpoure 2520 0.0 0.0 20420 600 ? Ss 09:04 0:00 /usr/bin/ssh-agent /usr/bin/gpg-agent --daemon --sh --write-env-file=/home/jmpoure/.gnupg/gpg-agent-info-acer...
2007 Jun 28
8
How to add to EPEL wishlist?
Does anyone know how to submit wishes to the EPEL Wishlist here? http://fedoraproject.org/wiki/EPEL/WishList It reads "Immutable Page". They say: "Please add packages that are part of Fedora but lack a EPEL maintainer to this list", but there is no way to do that! They don't say if "Packages part of Fedora" means "Core" or it can be Extras too, but
2016 Jun 15
1
https and self signed
...y, can I still trust that the physical entity owning server cert is indeed who it claims to be). > > As for starttls.com, that doesn???t exist; you???re probably confusing it > with the SMTP STARTTLS protocol extension. What you mean is startssl.com, > which is the main public face of StartCom. StartCom is a top-tier CA. I'm sure I did copy and paste, so that should have copied from OP e-mail... Thanks again, Warren, Valeri ++++++++++++++++++++++++++++++++++++++++ Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Phys...
2015 Nov 12
0
Problems after upgrade from 2.0 to 2.2
...5 %u > quota_warning2 = storage=80%% quota-warning 80 %u > sieve = file:~/sieve;active=~/.dovecot.sieve > } > postmaster_address = postmaster at my.domain.de > protocols = " imap sieve pop3" > quota_full_tempfail = yes > ssl = required > ssl_cert = </etc/ssl/StartCom/test.my.domain.pem > ssl_cipher_list = > EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA256:EECDH+aRSA+RC4:EDH+aRSA > EECDH RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS > ssl_key = </etc/ssl/StartCom/test.my.domain.key > ssl_prefer_server_ciphers = yes > ssl_proto...
2015 Nov 12
1
Problems after upgrade from 2.0 to 2.2
...= storage=80%% quota-warning 80 %u >> sieve = file:~/sieve;active=~/.dovecot.sieve >> } >> postmaster_address = postmaster at my.domain.de >> protocols = " imap sieve pop3" >> quota_full_tempfail = yes >> ssl = required >> ssl_cert = </etc/ssl/StartCom/test.my.domain.pem >> ssl_cipher_list = >> EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA256:EECDH+aRSA+RC4:EDH+aRSA >> EECDH RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS >> ssl_key = </etc/ssl/StartCom/test.my.domain.key >> ssl_prefer_server_ciphers...
2007 May 29
3
business ssl certs for centos www and/or email servers
Although I know the basics about getting and installing web and mail server ssl certs, I haven't had to "purchase" and do it "myself" for some time. i always had someone else dealing with it. I am wondering what you folks on the list are using on your centos web and mail servers :-) Are you making your own or are you purchasing them from godaddy, thawte, geotrust,
2014 Nov 25
1
failed login message
thanks for your reply i intentionaly put the wrong password and checked the dovecot log and the message i got was # tail -f /var/log/dovecot.log | grep "xxx at yyy.com" Nov 25 08:47:46 imap-login: Info: Aborted login (auth failed, 1 attempts in 2 secs): user=<xxx at yyy.com>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured, session=<xObTWqYIwgB/AAAB> but in the
2010 Apr 08
6
[Bug 1751] New: ssh-add -s /usr/lib/opensc-pkcs11.so does not work
...X.509 cert label: CAcert WoT User's Root CA ID ID: 7645d913d5***********54816ff02324c23a7ebf4 Public Key Object; RSA 2048 bits label: Public Key ID: 6d0534d04a***********49967a2e33571deec58 Usage: none Certificate Object, type = X.509 cert label: StartCom Free Certificate Member's StartCom Ltd. ID ID: 6d0534d04a***********49967a2e33571deec58 ps aux | grep ssh-agent jmpoure 2520 0.0 0.0 20420 600 ? Ss 09:04 0:00 /usr/bin/ssh-agent /usr/bin/gpg-agent --daemon --sh --write-env-file=/home/jmpoure/.gnupg/gpg-agent-info-acer...
2017 Feb 17
7
Problem with Let's Encrypt Certificate
Hello Folks, my StartCom SSL-Certificate expires soon and so I wanted to switch to Let's Encrypt Certificates instead. Unfortunatelly Thunderbird seems not to like it, although all -tested- other Clients work without any problems. When I connect with Thunderbird it sends an "Encrypted Alert" directly after t...