Client app says my chained Comodo cert is invalid

Jerry Krinock jerry at ieee.org
Wed Jul 27 23:36:47 UTC 2016


> On 2016 Jul 27, at 15:20, Joseph Tam <jtam.home at gmail.com> wrote:
> 
> Well, yes, that's what you would expect.  You've told your mail client
> to connect to "45.56.81.181", the client starts the SSL negotiation
> and finds the certificate is made out for "sheepsystems.com", and your
> mail client complains about the mismatch (a possible MITM attack).
> This is what you want an SSL-enabled system to do.

Very sensible - I hadn’t thought of that.

> Since 45.56.81.181 does not map to "sheepsystems.com" yet, you can
> short-circuit DNS and add a direct mapping to your Mac by adding this
> to /etc/hosts:
> 
> 	45.56.81.181 sheepsystems.com
> 
> then reconfiguring your mail client to use the server "sheepsystems.com".
> This will appease the SSL constraint.

I did that, and it appears to be working now – logging in, finding no messages and logging out.

Of course, I’d been using that /private/etc/hosts patch to test my new web pages, but it didn’t seem to work with email – it was still hitting my existing server.  It now appears that, with Mail.app, unlike with Safari and Firefox, one must flush the DNS cache (sudo killall -HUP mDNSResponder), and/or relaunch Mail.app, after changing /private/etc/hosts.

> Don't know [those log entries] this is about -- probably your Mac bailing out on authentication.

Yes, that’s what I thought - when it didn’t like the cert it just aborted and the server logged a timeout.

Well, definitely you’ve gotten me over one hurdle and I’m on to the next one :)  Thank you, Joseph!
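
The name check discussed in this thread, as an added example that is not part of the original messages: a simplified re-implementation of how a TLS client compares the configured server name with the certificate, showing why "45.56.81.181" is rejected while "sheepsystems.com" is accepted. The certificate dict and its SAN list are constructed assumptions; real clients rely on their TLS library's own check.

```python
import ipaddress

# Constructed certificate, in the dict shape returned by ssl.SSLSocket.getpeercert().
# The names mirror the thread; the SAN list itself is an assumption.
CERT = {
    "subject": ((("commonName", "sheepsystems.com"),),),
    "subjectAltName": (("DNS", "sheepsystems.com"), ("DNS", "www.sheepsystems.com")),
}

def _dns_match(pattern, host):
    """RFC 6125 style match: a wildcard may only be the whole left-most label."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False
    if p_labels[0] == "*":
        # "*" covers exactly one label and is refused for two-label patterns.
        return len(p_labels) > 2 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels

def check_server_identity(cert, configured_server):
    """Return (ok, reason) for the server name typed into the mail client."""
    sans = cert.get("subjectAltName", ())
    try:
        ip = ipaddress.ip_address(configured_server)
    except ValueError:
        ip = None
    if ip is not None:
        # An IP literal is compared only with IP Address SANs, never DNS names.
        ips = [v for k, v in sans if k == "IP Address"]
        if any(ipaddress.ip_address(v) == ip for v in ips):
            return True, "matched IP Address SAN"
        return False, f"no IP Address SAN for {configured_server}"
    names = [v for k, v in sans if k == "DNS"]
    if any(_dns_match(n, configured_server) for n in names):
        return True, "matched DNS SAN"
    return False, f"{configured_server} not in {names}"

def demo():
    """Evaluate the two settings from the thread plus one unlisted subdomain."""
    servers = ("45.56.81.181", "sheepsystems.com", "mail.sheepsystems.com")
    return {s: check_server_identity(CERT, s)[0] for s in servers}

if __name__ == "__main__":
    for server, ok in demo().items():
        print(f"{server:24} {'accepted' if ok else 'REJECTED (name mismatch)'}")
```

The /etc/hosts entry only changes which address the name resolves to; the client still compares the name it was configured with, which is why the check passes afterwards.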



