[Dovecot] SSL / TLS Problem

Daniel Petre daniel.petre at pitesti.rcs-rds.ro
Mon Jul 12 20:23:13 EEST 2010


Hey,
check your dovecot.conf:

"ssl_key_file = /etc/ssl/mail/mail.key"

Is that a pipe, a vertical sign after "mail.key"?


> Thanks for your reply.
> What do you mean by "pipe"?
>
> See, I can even connect via the console from the outside:
>
>
> |Notebook [~]$ openssl s_client -CApath ~/.cert/XYZ.com/ -connect
> XYZ.com:993
> CONNECTED(00000003)
> depth=0 /C=DE/ST=BW/L=City/O=HomeServer
> GmbH/OU=WebHosting/CN=XYZ.com/emailAddress=admin at XYZ.com
> verify error:num=18:self signed certificate
> verify return:1
> depth=0 /C=DE/ST=BW/L=City/O=HomeServer
> GmbH/OU=WebHosting/CN=XYZ.com/emailAddress=admin at XYZ.com
> verify return:1
> ---
> Certificate chain
> 0 s:/C=DE/ST=BW/L=City/O=HomeServer
> GmbH/OU=WebHosting/CN=XYZ.com/emailAddress=admin at XYZ.com
> i:/C=DE/ST=BW/L=City/O=HomeServer
> GmbH/OU=WebHosting/CN=XYZ.com/emailAddress=admin at XYZ.com
> ---
> Server certificate
> subject=/C=DE/ST=BW/L=City/O=HomeServer
> GmbH/OU=WebHosting/CN=XYZ.com/emailAddress=admin at XYZ.com
> issuer=/C=DE/ST=BW/L=City/O=HomeServer
> GmbH/OU=WebHosting/CN=XYZ.com/emailAddress=admin at XYZ.com
> ---
> No client certificate CA names sent
> ---
> SSL handshake has read 1313 bytes and written 325 bytes
> ---
> New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
> Server public key is 1024 bit
> Secure Renegotiation IS NOT supported
> Compression: NONE
> Expansion: NONE
> SSL-Session:
> Protocol  : TLSv1
> Cipher    : DHE-RSA-AES256-SHA
> Session-ID:
> 54DC3526DB721308D460CBAF21D562958D34ED146332F0B4ACBE9E1311633ED1
> Session-ID-ctx:
> Master-Key:
> 1BCB1FA49855FC38ACB52C2CD8D54594C006116220D66FA0E74F68663AFE3FC09086B9
> BFB1FE0E515681A2E0DC7C1AFC
> Key-Arg   : None
> Start Time: 1278952607
> Timeout   : 300 (sec)
> Verify return code: 18 (self signed certificate)
> ---
> * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE AUTH=CRAM-MD5] NetOcean MailSystem
> ^C
> Notebook [~]$|
>
>
> On 12.07.10 19:11, Daniel Petre wrote:
>> dude, what's the pipe at the end of the mail.key location?
>>
>>> It's always the same when it fails ...
>>>
>>>
>>> And this is what my dovecot.conf looks like:
>>>
>>> [...]
>>>
>>> |##
>>> ## SSL settings
>>> ##
>>> ssl = yes
>>> ssl_cert_file = /etc/ssl/mail/mail.cert
>>> ssl_key_file = /etc/ssl/mail/mail.key|
>>>
>>> [...]
>>>
>>>
>>> Thank you
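
A check for the situation raised in this thread, a stray character such as `|` at the end of an `ssl_key_file` path, as an added example that is not part of the original messages. The function name, the set of characters it treats as stray and the sample config are assumptions made for illustration.

```python
import os
import re

PATH_SETTINGS = {"ssl_cert_file", "ssl_key_file"}  # setting names from the thread
STRAY = "|\"'`<>"  # assumption: characters that rarely begin or end a real path


def lint_ssl_paths(conf_text, exists=os.path.isfile):
    """Return a list of (line_no, setting, value, problem) tuples."""
    findings = []
    for no, line in enumerate(conf_text.splitlines(), 1):
        # Lines starting with '#' do not match, so comments are skipped.
        m = re.match(r"^\s*(\w+)\s*=\s*(.*?)\s*$", line)
        if not m or m.group(1) not in PATH_SETTINGS:
            continue
        setting, value = m.groups()
        cleaned = value.strip(STRAY + " \t")
        if cleaned != value:
            # Report the stray character before touching the filesystem,
            # so the message names the real cause rather than "not found".
            findings.append((no, setting, value,
                             "stray character around path; did you mean %r?" % cleaned))
        elif not exists(value):
            findings.append((no, setting, value, "file does not exist"))
    return findings


# Constructed sample modelled on the SSL section quoted in the thread.
SAMPLE_CONF = """\
ssl = yes
ssl_cert_file = /etc/ssl/mail/mail.cert
ssl_key_file = /etc/ssl/mail/mail.key|
"""

if __name__ == "__main__":
    # Pretend both real files exist so only the stray character is reported.
    present = {"/etc/ssl/mail/mail.cert", "/etc/ssl/mail/mail.key"}
    for finding in lint_ssl_paths(SAMPLE_CONF, exists=present.__contains__):
        print(finding)
```

On a server, call `lint_ssl_paths(open("/path/to/dovecot.conf").read())` with the default `exists` so missing key or certificate files are reported as well.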

