[Dovecot] SSL / TLS Problem

Leander S. leander.schaefer at googlemail.com
Mon Jul 12 20:18:40 EEST 2010


Thanks for your reply.
What do you mean by "pipe"?

See, I can even connect via the console from the outside:


|Notebook [~]$ openssl s_client -CApath ~/.cert/XYZ.com/ -connect XYZ.com:993
CONNECTED(00000003)
depth=0 /C=DE/ST=BW/L=City/O=HomeServer GmbH/OU=WebHosting/CN=XYZ.com/emailAddress=admin at XYZ.com
verify error:num=18:self signed certificate
verify return:1
depth=0 /C=DE/ST=BW/L=City/O=HomeServer GmbH/OU=WebHosting/CN=XYZ.com/emailAddress=admin at XYZ.com
verify return:1
---
Certificate chain
0 s:/C=DE/ST=BW/L=City/O=HomeServer GmbH/OU=WebHosting/CN=XYZ.com/emailAddress=admin at XYZ.com
    i:/C=DE/ST=BW/L=City/O=HomeServer GmbH/OU=WebHosting/CN=XYZ.com/emailAddress=admin at XYZ.com
---
Server certificate
-----BEGIN CERTIFICATE-----
[...]
-----END CERTIFICATE-----
subject=/C=DE/ST=BW/L=City/O=HomeServer GmbH/OU=WebHosting/CN=XYZ.com/emailAddress=admin at XYZ.com
issuer=/C=DE/ST=BW/L=City/O=HomeServer GmbH/OU=WebHosting/CN=XYZ.com/emailAddress=admin at XYZ.com
---
No client certificate CA names sent
---
SSL handshake has read 1313 bytes and written 325 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 1024 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
SSL-Session:
     Protocol  : TLSv1
     Cipher    : DHE-RSA-AES256-SHA
     Session-ID: 54DC3526DB721308D460CBAF21D562958D34ED146332F0B4ACBE9E1311633ED1
     Session-ID-ctx:
     Master-Key: 1BCB1FA49855FC38ACB52C2CD8D54594C006116220D66FA0E74F68663AFE3FC09086B9BFB1FE0E515681A2E0DC7C1AFC
     Key-Arg   : None
     Start Time: 1278952607
     Timeout   : 300 (sec)
     Verify return code: 18 (self signed certificate)
---
* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE AUTH=CRAM-MD5] NetOcean MailSystem
^C
Notebook [~]$|





On 12.07.10 19:11, Daniel Petre wrote:
> dude, what's the pipe at the end of the mail.key location?
>
>> It's always the same when it fails ...
>>
>>
>> And this is what my dovecot.conf looks like:
>>
>> [...]
>>
>> |##
>> ## SSL settings
>> ##
>> ssl = yes
>> ssl_cert_file = /etc/ssl/mail/mail.cert
>> ssl_key_file = /etc/ssl/mail/mail.key|
>>
>> [...]
>>
>>
>> Thank you


