Thanks for the input so far... I hear what you're saying about
Mail.app but I provide email for a small group of friends and I need
it to work with a variety of clients.

On Sep 9, 2006, at 4:45pm, OpenMacNews wrote:
> you haven't referenced that you've tested the certs, or viewed them in detail in mulberry/thunderbird or shell, for that matter ...
> if you haven't, again, i'd simply suggest that you do.

I did, but I wasn't sure what it meant. I got an actual signed cert
from cacerts.org and this is what I get when I try to verify it.

dovecot.cert: /CN=mail.design1st.org
error 29 at 0 depth lookup:subject issuer mismatch
/CN=mail.design1st.org
error 29 at 0 depth lookup:subject issuer mismatch
/CN=mail.design1st.org
error 29 at 0 depth lookup:subject issuer mismatch
OK

all my self-signed certs look like this:

design1st.cert: /C=US/ST=California/L=Sunnyvale/O=Design1st Dot Org/CN=design1st.org
error 18 at 0 depth lookup:self signed certificate
OK

This seemed more interesting, but also didn't help me:

design1st:/usr/local/openssl/certs root# openssl s_client -connect localhost:10943 -showcerts
CONNECTED(00000003)
depth=0 /CN=mail.design1st.org
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 /CN=mail.design1st.org
verify error:num=27:certificate not trusted
verify return:1
depth=0 /CN=mail.design1st.org
verify error:num=21:unable to verify the first certificate
verify return:1
Certificate chain
 0 s:/CN=mail.design1st.org
   i:/O=Root CA/OU=http://www.cacert.org/CN=CA Cert Signing Authority/emailAddress=support@cacert.org
Server certificate
subject=/CN=mail.design1st.org
issuer=/O=Root CA/OU=http://www.cacert.org/CN=CA Cert Signing Authority/emailAddress=support@cacert.org
No client certificate CA names sent
SSL handshake has read 1681 bytes and written 340 bytes
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 1024 bit
SSL-Session:
    Protocol  : TLSv1
    Cipher    : DHE-RSA-AES256-SHA
    Session-ID: 1CDF45682A2292396C55FDEC04BD51B0F50F91E0A3447A096588A8A184C60706
    Session-ID-ctx:
    Master-Key: 85513BB8BEA91C65A9DD5F14F7264BE2E108A15C8F1B4F88711DE61BF912450BBE286C0008197298EC8A16CE8D11BF4B
    Key-Arg   : None
    Start Time: 1157850811
    Timeout   : 300 (sec)
    Verify return code: 21 (unable to verify the first certificate)
- OK Dovecot ready.
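
Error 20 in the s_client output above ("unable to get local issuer certificate") is what OpenSSL reports when the issuing CA's certificate is not available to the verifier. The script below is an added example, not part of the original message: it reproduces that result with a throwaway CA and leaf certificate, then verifies the same leaf again with the issuer supplied through `-CAfile`. The names `Demo Root CA` and `mail.example.test` and the helper functions `make_demo_pki` and `verify_leaf` are constructed for illustration.

```shell
#!/bin/sh
# Constructed demo: the CA and host names below are placeholders, not the
# CAcert root or the poster's server.

# Create a throwaway root CA and a leaf certificate signed by it in directory $1.
make_demo_pki() {
    d=$1
    # Minimal config so the demo does not depend on the system openssl.cnf.
    cat > "$d/demo.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
O = Demo Root CA
CN = Demo Signing Authority
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
    # Self-signed root, then a CSR for the mail host, then the CA signs the CSR.
    openssl req -x509 -config "$d/demo.cnf" -newkey rsa:2048 -nodes -days 2 \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null &&
    openssl req -new -config "$d/demo.cnf" -subj "/CN=mail.example.test" \
        -newkey rsa:2048 -nodes -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null &&
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 2 -out "$d/leaf.pem" 2>/dev/null
}

# Verify certificate $1; if $2 is given, trust that PEM file as the issuer.
verify_leaf() {
    if [ -n "$2" ]; then
        openssl verify -CAfile "$2" "$1" 2>&1
    else
        openssl verify "$1" 2>&1
    fi
}

demo_dir=$(mktemp -d)
make_demo_pki "$demo_dir"
echo "== issuer not in the verifier's trust store =="
verify_leaf "$demo_dir/leaf.pem"
echo "== issuer supplied with -CAfile =="
verify_leaf "$demo_dir/leaf.pem" "$demo_dir/ca.pem"
rm -rf "$demo_dir"
```

Current OpenSSL releases exit non-zero when verification fails, unlike the trailing `OK` seen in the older output quoted in the message.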