similar to: dovecot sometimes sends non-default SSL cert if IMAP client won't send SNI

Sure, and thanks for trying to help! These are the two correct answers when SNI is included. The certificates are fully chained. Both certificates carry the same subject mail.cs.sbg.ac.at but differ in Subject Alternative Name (SAN). X509v3 Subject Alternative Name:? ? DNS:mail.cs.sbg.ac.at, DNS:smtp.cs.sbg.ac.at, DNS:imap.cs.sbg.ac.at, DNS:pop.cs.sbg.ac.at X509v3 Subject Alternative Name:? ?

Can you provide some details on what those openssl commands returned? Aki On 20.07.2018 12:14, Martin Johannes Dauser wrote: > Hi, > > I recognised some funny behaviour on my server. IMAP clients which > won't send an Server Name Indication (SNI) sometimes get the wrong > certificate. I would expect that those clients always get the default > certificate (of my new

Hi I have some problem with SNI and dovecot 2.2.36.4 Server debian 9.x ad dovecot-2.2.36.4 default server ssl cert is a wildcard like *.domain.com (digicert) ssl_ca = /var/control/cert.pem ssl_cert = </var/control/cert.pem I added for test another domain (in dns to) for another ssl (letsencrypt) from https://wiki.dovecot.org/SSL/DovecotConfiguration like: local_name

Thanks Michael I will check with the free cert lets encrypt to test it. Remo > Il giorno 7 set 2019, alle ore 02:09, Michael Hallager via dovecot <dovecot at dovecot.org> ha scritto: > > ?On 2019-09-07 12:25, remo--- via dovecot wrote: >> What is the best way to adopt multiple certs? >> Thanks. > > /etc/dovecot/conf.d/10-ssl.conf > > Primary SSL

Hi all, I'm testing the SNI configuration from dovecot's wiki page, to have multiple domains. I'm using letsencrypt certificates. On the 10-ssl.conf, when I only use one domain, like this, it works : ssl_ca = </etc/letsencrypt/live/mail.mydomain.fr/chain.pem ssl_cert = </etc/letsencrypt/live/mail.mydomain.fr/cert.pem ssl_key =

Dear all, Does R or S-plus or any of their packages provide Non-parametric "Run test" (which tests whether a sequence of numbers might be random or not)? If yes, i'd like a numerical illustration of this test. Any response / help / comment / suggestion will be greatly appreciated. Thanks in advance. ------------------------------- Mohammad Ehsanul Karim <wildscop at

Am 2019-08-30 10:52, schrieb Gary Stainburn: > On Thursday 29 August 2019 18:10:19 Alexander Dalloz wrote: >> > 2019-08-29 17:23:18,117 exception: [Errno 14] curl#60 - "Peer's >> > Certificate issuer is not recognized." >> > 2019-08-29 17:23:18,117 retrycode (14) not in list [-1, 2, 4, 5, 6, >> > 7], re-raising >> >> [ ... ]

Hello, the RPM ca-certificates-2018.2.22-65.1.el6.noarch has a big problem ... many certificates were removed - my proxy uses this as source and isn't able to validate correct any more - most sites show this: /[No Error] (TLS code: X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN) /Self-signed SSL Certificate in chain: /C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root

Am 2019-08-29 17:36, schrieb Gary Stainburn: > On Thursday 29 August 2019 16:20:00 Alexander Dalloz wrote: >> Hi, >> >> yum uses libcurl behind the scenes and thus NSS and not OpenSSL. >> >> Do you get something indicative when running: >> >> URLGRABBER_DEBUG=1 yum --disablerepo=\* --enablerepo=webtatic >> check-update >> >>

Am 2019-08-29 18:26, schrieb Gary Stainburn: > On Thursday 29 August 2019 16:47:11 Alexander Dalloz wrote: >> rpm -Vv nss > > [root at stan2 ~]# rpm -Vv nss > ......... /etc/pki/nss-legacy > ......... c /etc/pki/nss-legacy/nss-rhel7.config > ......... /etc/pki/nssdb > ......... c /etc/pki/nssdb/cert8.db > ......... c /etc/pki/nssdb/cert9.db > ......... c

>>>>> "MM" == Martin Maechler <maechler at stat.math.ethz.ch> >>>>> on Tue, 18 May 2010 12:37:21 +0200 writes: >>>>> "GaGr" == Gabor Grothendieck <ggrothendieck at gmail.com> >>>>> on Mon, 17 May 2010 09:45:00 -0400 writes: GaGr> BIC seems like something that would logically go into stats

On 8/30/19 5:52 AM, Gary Stainburn wrote: > Incidentally, the*good* server that I was referencing my broken server against has decided to start giving the curl certificate errors in the same way that the broken one did. Very strange. I ran It's possible that the error is unrelated to the ca-certificates file.? You'll only see it if yum selects a mirror that uses a Let's Encrypt

i am looking for a simple php script or anything really that will allow me to display a listener count on a simple web page. "5 users currently connected" sort of thing. i have scoured the web with no luck. i would even settle for a shell script that would pull the number out of the icecast.conf file. i don't care how it happens as long as it isn't a windows program. it has

Our DC has been using a Verisign certificate. Over the past year, we've been using a Digicert Wildcard Plus certificate for almost all of our machines, and I wanted to switched over our DC mailserver. I used the following command to generate the CSR and key: openssl req -new -newkey rsa:1024 -nodes -out star_bard_edu.csr -keyout star_bard_edu.key -subj "/C=US/ST=NY/L=ourtown/O=Bard

i have tried every password specified in the conf file (including admin_password) and every conceivable default as the username and/or password for this dialog... no luck. -p On Wednesday, March 12, 2003, at 05:44 AM, Marco Alanen wrote: > On Wed, 12 Mar 2003 04:32:28 -0500 > pharkawik@hampshire.edu wrote: > >> i will try that. about the acl_policy thing: >> >> this

> > If you can convince openssl to use it. Does anybody have any hints on how it may be done, if possible at all? Stavros

i will try that. about the acl_policy thing: this controls access but nowhere does it specify an HTTP username or password for accessing the WWW admin interface. i am NOT getting the usual "403 Forbidden You don't have access to this entity (stream or file). Please go away" error-- i can actually see the admin interface but certain pages bring up an HTTP authentication dialog.

yes.. but can anybody tell me how to pull a simple listener count out of that page with php? also still don't know how to figure out that HTTP user/pass problem... there is NOTHING about it in the docs or online -p On Wednesday, March 12, 2003, at 04:51 AM, Marco Alanen wrote: > On Wed, 12 Mar 2003 03:24:35 -0500 > pharkawik@hampshire.edu wrote: > >> i am looking for a

On 11.11.2016 12:22, Arkadiusz Mi?kiewicz wrote: > On Friday 11 of November 2016, Felipe Gasper wrote: >> Hello, >> >> We?re rolling out large SNI deployments for our mail servers. Each domain >> gets an entry like this in the config: >> >> local_name mail.foo.com { >> ssl_cert = </ssl/domain_tls/*.foo.com/combined >> ssl_key =

On 20.10.2016 15:52, Arkadiusz Mi?kiewicz wrote: > > ... -servername something If you want to try out, try applying this patch... >From 066edb5e5c14a05c90e9ae63f0b76fcfd9c1149e Mon Sep 17 00:00:00 2001 From: Aki Tuomi <aki.tuomi at dovecot.fi> Date: Thu, 20 Oct 2016 16:06:27 +0300 Subject: [PATCH] login-common: Include local_name in login_var_expand_table This way it can be used