Client app says my chained Comodo cert is invalid

Jerry Krinock jerrykrinock at gmail.com
Wed Jul 27 23:30:21 UTC 2016


> On 2016 Jul 27, at 15:20, Joseph Tam <jtam.home at gmail.com> wrote:
> 
> Well, yes, that's what you would expect.  You've told your mail client
> to connect to "45.56.81.181", the client starts the SSL negotiation
> and finds the certificate is made out for "sheepsystems.com", and your
> mail client complains about the mismatch (a possible MITM attack).
> This is what you want SSL enabled system to do.

Very sensible - I hadn’t thought of that.

> Since 45.56.81.181 does not map to "sheepsystems.com" yet, you can
> short-circuit DNS and add a direct mapping to your Mac by adding this
> to /etc/hosts:
> 
> 	45.56.81.181 sheepsystems.com
> 
> then reconfiguring your mail client to use the server "sheepsystems.com".
> This will appease the SSL constraint.

I did that, and it appears working now – logging in, finding no messages and logging out.

Of course, I’d been using that private/etc/hosts patch to test my new web pages, but it didn’t seem to work with email – it was still hitting my existing server.  It now appears that, with Mail.app, unlike with Safari and Firefox, one must flush the DNS cache (sudo killall -HUP mDNSResponder), and/or relaunch Mail.app, after changing /private/etc/hosts.

> Don't know [those log entries] this is about -- probably your Mac bailing out on authentication.

Yes, that’s what I thought - when it didn’t like the cert it just aborted and the server logged a timeout.

Well, definitely you’ve gotten me over one hurdle and I’m on to the next one :)  Thank you, Joseph!




More information about the dovecot mailing list