search for: startcom

Hi there, Does anyone know how to do this: "Put all the certificates in the ssl_cert file. For example when using a certificate signed by TDC the correct order is: Dovecot's public certificate TDC SSL Server CA TDC Internet Root CA Globalsign Partners CA " I try to set these parameters in the conf.d/10-ssl.conf as below, but it seems doesn't work. ---

...dle.pem. openssl verify -CAfile ca-bundle.pem -crl_check_all -policy_check -x509_strict -verbose client-cert.pem returns: client-cert.pem: OK However dovecot reports the following: Oct 11 01:41:17 hostname dovecot: imap-login: Invalid certificate: unable to get local issuer certificate: /C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Certification Authority Oct 11 01:41:17 hostname dovecot: imap-login: Invalid certificate: certificate not trusted: /C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Certification Authority Oct 11 01:41:17 hostname dovecot...

...rom directory /etc/ssl/certs: error:02001024:system library:fopen:File name too longdoveadm: Error: Failed to iterate through some users*" this is my config (part): *ssl_cert = </etc/ssl/certs/alpha-servers.pemssl_key = </etc/ssl/private/alpha-servers.keyssl_ca = </etc/ssl/certs/startcom-ca-bundle.pemssl_client_ca_dir = /etc/ssl/certsssl_client_ca_file = </etc/ssl/certs/startcom-ca.pemssl_protocols = !SSLv2 !SSLv3* The file startcom-ba-bundle contains the complete chain. The file startcom-ca contains only the ca certificate. Can anybody help, please? -- with kind regards, Jon...

I'm getting this in the log when proxying IMAP (three "valid certificate" messages, two "Invalid certificate" messages) Why is dovecot (acting as a proxy to another dovecot instance here) not recognizing the StartCom Extended Validation Server CA? . LOGIN ralf.hildebrandt at charite.de mypassword Sep 25 14:13:04 auth-worker(30859): Info: mysql(sql.charite.de): Connected to database mailservice Sep 25 14:13:04 imap-login: Debug: SSL: where=0x10, ret=1: before/connect initialization [127.0.0.1] Sep 25 14:13:04 i...

...a_warning = storage=95%% quota-warning 95 %u quota_warning2 = storage=80%% quota-warning 80 %u sieve = file:~/sieve;active=~/.dovecot.sieve } postmaster_address = postmaster at my.domain.de protocols = " imap sieve pop3" quota_full_tempfail = yes ssl = required ssl_cert = </etc/ssl/StartCom/test.my.domain.pem ssl_cipher_list = EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA256:EECDH+aRSA+RC4:EDH+aRSA EECDH RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS ssl_key = </etc/ssl/StartCom/test.my.domain.key ssl_prefer_server_ciphers = yes ssl_protocols = !SSLv2 !SSLv3 userdb {...

...error:02001024:system library:fopen:File name too longdoveadm: Error: > Failed to iterate through some users*" > > this is my config (part): > > *ssl_cert = </etc/ssl/certs/alpha-servers.pemssl_key = > </etc/ssl/private/alpha-servers.keyssl_ca = > </etc/ssl/certs/startcom-ca-bundle.pemssl_client_ca_dir = > /etc/ssl/certsssl_client_ca_file = > </etc/ssl/certs/startcom-ca.pemssl_protocols = !SSLv2 !SSLv3* > > The file startcom-ba-bundle contains the complete chain. The file > startcom-ca contains only the ca certificate. Can anybody help, please? di...

...Whenever I start a session with openssl to STARTTTL (Server: mail.opsys.de) the handshake is successfull. Also I am able to login to my account via 1 login. In Thunderbird port 993 for SSL/TLS works correct, only STARTTLS on port 143 isn't working properly. The cert is Class 1 and signed by StartCom Ltd.. Dovecot.conf (for viewable reasons of this mail pasted): http://pastie.org/private/bmrymyuo16ohzxdahf0nq And here openssl output: http://pastie.org/private/3rpgll2s7hblev9ozpcq8w Note the 'Verify return code: 21 (unable to verify the first certificate)' in the output... Thanks for...

...or { > process_min_avail = 1 > unix_listener replicator-doveadm { > group = vmail > mode = 0666 > user = vmail > } > unix_listener replicator { > group = vmail > mode = 0666 > user = vmail > } > } > ssl_ca = </etc/ssl/certs/startcom-bundle.pem > ssl_cert = </etc/ssl/certs/server2.pem > ssl_cipher_list = > EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH:EDH:HIGH:+RSA:+SHA: > MEDIUM:+RC4:RC4:!aNULL:!MD5:!eNULL:!LOW:!EXP:!DSS:!PSK:!SRP > ssl_dh_parameters_length = 2048 > ssl_key = </etc/ssl/private/server2.key...

On Jun 15, 2016, at 9:02 AM, Valeri Galtsev <galtsev at kicp.uchicago.edu> wrote: > > I do see WoSign there (though I'd prefer to avoid my US located servers > have certificates signed by authority located in China, hence located sort > of behind "the great firewall of China" - call me superstitious). That?s a perfectly valid concern. The last I heard, modern

Folks, I am terribly puzzled by an issue reported as bug 2381 [http://bugs.centos.org/view.php?id=2381] ? definitely an upstream bug, as it does the same under X/OS 5 and StartCom 5. Simply put: Hibernation fails with horrendous I/O errors after swsusp starts dumping to swap. What bugs me is that hibernating from the CentOS 5 LiveCD *works*!!! (on the same hardware) How could I investigate to see what is the relevant difference between the LiveCD and the installed system,...

...certificate detail view to see the chain of trust. I see two levels here: IdenTrust -> TrustID -> Let?s Encrypt. As for starttls.com, that doesn?t exist; you?re probably confusing it with the SMTP STARTTLS protocol extension. What you mean is startssl.com, which is the main public face of StartCom. StartCom is a top-tier CA.

...X.509 cert label: CAcert WoT User's Root CA ID ID: 7645d913d5***********54816ff02324c23a7ebf4 Public Key Object; RSA 2048 bits label: Public Key ID: 6d0534d04a***********49967a2e33571deec58 Usage: none Certificate Object, type = X.509 cert label: StartCom Free Certificate Member's StartCom Ltd. ID ID: 6d0534d04a***********49967a2e33571deec58 ps aux | grep ssh-agent jmpoure 2520 0.0 0.0 20420 600 ? Ss 09:04 0:00 /usr/bin/ssh-agent /usr/bin/gpg-agent --daemon --sh --write-env-file=/home/jmpoure/.gnupg/gpg-agent-info-acer...

Does anyone know how to submit wishes to the EPEL Wishlist here? http://fedoraproject.org/wiki/EPEL/WishList It reads "Immutable Page". They say: "Please add packages that are part of Fedora but lack a EPEL maintainer to this list", but there is no way to do that! They don't say if "Packages part of Fedora" means "Core" or it can be Extras too, but

...y, can I still trust that the physical entity owning server cert is indeed who it claims to be). > > As for starttls.com, that doesn???t exist; you???re probably confusing it > with the SMTP STARTTLS protocol extension. What you mean is startssl.com, > which is the main public face of StartCom. StartCom is a top-tier CA. I'm sure I did copy and paste, so that should have copied from OP e-mail... Thanks again, Warren, Valeri ++++++++++++++++++++++++++++++++++++++++ Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Phys...

...5 %u > quota_warning2 = storage=80%% quota-warning 80 %u > sieve = file:~/sieve;active=~/.dovecot.sieve > } > postmaster_address = postmaster at my.domain.de > protocols = " imap sieve pop3" > quota_full_tempfail = yes > ssl = required > ssl_cert = </etc/ssl/StartCom/test.my.domain.pem > ssl_cipher_list = > EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA256:EECDH+aRSA+RC4:EDH+aRSA > EECDH RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS > ssl_key = </etc/ssl/StartCom/test.my.domain.key > ssl_prefer_server_ciphers = yes > ssl_proto...

...= storage=80%% quota-warning 80 %u >> sieve = file:~/sieve;active=~/.dovecot.sieve >> } >> postmaster_address = postmaster at my.domain.de >> protocols = " imap sieve pop3" >> quota_full_tempfail = yes >> ssl = required >> ssl_cert = </etc/ssl/StartCom/test.my.domain.pem >> ssl_cipher_list = >> EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA256:EECDH+aRSA+RC4:EDH+aRSA >> EECDH RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS >> ssl_key = </etc/ssl/StartCom/test.my.domain.key >> ssl_prefer_server_ciphers...

Although I know the basics about getting and installing web and mail server ssl certs, I haven't had to "purchase" and do it "myself" for some time. i always had someone else dealing with it. I am wondering what you folks on the list are using on your centos web and mail servers :-) Are you making your own or are you purchasing them from godaddy, thawte, geotrust,

thanks for your reply i intentionaly put the wrong password and checked the dovecot log and the message i got was # tail -f /var/log/dovecot.log | grep "xxx at yyy.com" Nov 25 08:47:46 imap-login: Info: Aborted login (auth failed, 1 attempts in 2 secs): user=<xxx at yyy.com>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured, session=<xObTWqYIwgB/AAAB> but in the

...X.509 cert label: CAcert WoT User's Root CA ID ID: 7645d913d5***********54816ff02324c23a7ebf4 Public Key Object; RSA 2048 bits label: Public Key ID: 6d0534d04a***********49967a2e33571deec58 Usage: none Certificate Object, type = X.509 cert label: StartCom Free Certificate Member's StartCom Ltd. ID ID: 6d0534d04a***********49967a2e33571deec58 ps aux | grep ssh-agent jmpoure 2520 0.0 0.0 20420 600 ? Ss 09:04 0:00 /usr/bin/ssh-agent /usr/bin/gpg-agent --daemon --sh --write-env-file=/home/jmpoure/.gnupg/gpg-agent-info-acer...

Hello Folks, my StartCom SSL-Certificate expires soon and so I wanted to switch to Let's Encrypt Certificates instead. Unfortunatelly Thunderbird seems not to like it, although all -tested- other Clients work without any problems. When I connect with Thunderbird it sends an "Encrypted Alert" directly after t...