t/s expired cert error
Arjen de Korte
build+dovecot at de-korte.org
Tue Mar 2 22:04:12 EET 2021
Citeren Voytek Eymont <voytek at sbt.net.au>:
> On Wed, March 3, 2021 1:17 am, Yassine Chaouche wrote:
> hmm, just tried this, 110/143 gives error, 995/993 doesn't:
>
> I'll try changing in TB to SSL/TLS not StartTLS, 995 or 993, etc, and, see
> if error goes
>
> # echo | openssl s_client -connect emu.sbt.net.au:110 2>/dev/null |
> openssl x509 -noout
> -enddate
On port 110/143 you need to tell the POP3/IMAP server to upgrade the
connection to TLS. In that case, it will work just fine:
# echo | openssl s_client -connect emu.sbt.net.au:110 -starttls pop3
2>/dev/null | openssl x509 -noout -enddate
notAfter=Apr 27 12:11:32 2021 GMT
#echo | openssl s_client -connect emu.sbt.net.au:143 -starttls imap
2>/dev/null | openssl x509 -noout -enddate
notAfter=Apr 27 12:11:32 2021 GMT
Remember that there is a difference between connections that are
upgraded to TLS (110/143) and connections that use SSL by default
(995/993). If you don't tell the first that you want to use TLS, the
server will not present the certificate, unlike the latter.
Regards, Arjen
More information about the dovecot
mailing list