t/s expired cert error
Yassine Chaouche
a.chaouche at algerian-radio.dz
Wed Mar 3 11:11:23 EET 2021
Le 3/2/21 à 9:04 PM, Arjen de Korte a écrit :
> Citeren Voytek Eymont <voytek at sbt.net.au>:
>
>> On Wed, March 3, 2021 1:17 am, Yassine Chaouche wrote:
>> hmm, just tried this, 110/143 gives error, 995/993 doesn't:
>>
>> I'll try changing in TB to SSL/TLS not StartTLS, 995 or 993, etc,
>> and, see
>> if error goes
>>
>> # echo | openssl s_client -connect emu.sbt.net.au:110 2>/dev/null |
>> openssl x509 -noout
>> -enddate
>
> On port 110/143 you need to tell the POP3/IMAP server to upgrade the
> connection to TLS. In that case, it will work just fine:
>
> # echo | openssl s_client -connect emu.sbt.net.au:110 -starttls pop3
> 2>/dev/null | openssl x509 -noout -enddate
> notAfter=Apr 27 12:11:32 2021 GMT
>
> #echo | openssl s_client -connect emu.sbt.net.au:143 -starttls imap
> 2>/dev/null | openssl x509 -noout -enddate
> notAfter=Apr 27 12:11:32 2021 GMT
>
> Remember that there is a difference between connections that are
> upgraded to TLS (110/143) and connections that use SSL by default
> (995/993). If you don't tell the first that you want to use TLS, the
> server will not present the certificate, unlike the latter.
>
> Regards, Arjen
>
*tl;dr *: use*-starttls *if you want TLS on a non-TLS port.
-- Yassine
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://dovecot.org/pipermail/dovecot/attachments/20210303/41edd681/attachment.html>
More information about the dovecot
mailing list