Problem with different certificates
Andreas Meyer
anmeyer at mailbox.org
Thu Dec 27 13:01:47 EET 2018
Hello!
Greg Wildman <lists at itns.co.za> schrieb am 27.12.18 um 11:21:55 Uhr:
> What problem are you seeing? It uses the correct SSL certs when I
> connect.
>
> prompt> gnutls-cli --port 993 mail.nimmini.de
> Processed 149 CA certificate(s).
> Resolving 'mail.nimmini.de:993'...
> Connecting to '46.38.231.143:993'...
> - Certificate type: X.509
> - Got a certificate list of 2 certificates.
> - Certificate[0] info:
> - subject `CN=nimmini.de', issuer `CN=Let's Encrypt Authority X3,O=Let's Encrypt,C=US', serial 0x049c7758b8b9555ffdfe5b701b28c1e0a3c6, RSA key 2048 bits, signed using RSA-SHA256, activated `2018-12-26 21:37:59 UTC', expires `2019-03-26 21:37:59 UTC', pin-sha256="0G1iyw4AAayWktCk3M9gauB01s4guqgidOQotb1u49I="
> Public Key ID:
> sha1:e03d4c14e735791a4a0924057676bee73b5e199f
> sha256:d06d62cb0e0001ac9692d0a4dccf606ae074d6ce20baa82274e428b5bd6ee3d2
> Public Key PIN:
> pin-sha256:0G1iyw4AAayWktCk3M9gauB01s4guqgidOQotb1u49I=
>
> - Certificate[1] info:
> - subject `CN=Let's Encrypt Authority X3,O=Let's Encrypt,C=US', issuer `CN=DST Root CA X3,O=Digital Signature Trust Co.', serial 0x0a0141420000015385736a0b85eca708, RSA key 2048 bits, signed using RSA-SHA256, activated `2016-03-17 16:40:46 UTC', expires `2021-03-17 16:40:46 UTC', pin-sha256="YLh1dUR9y6Kja30RrAn7JKnbQG/uEtLMkBgFF2Fuihg="
> - Status: The certificate is trusted.
> - Description: (TLS1.2)-(ECDHE-SECP384R1)-(RSA-SHA256)-(AES-256-GCM)
> - Session ID: 0B:1D:9F:A2:73:92:FA:E7:02:08:98:49:14:A6:69:1B:2D:D4:30:F0:62:A9:AF:B2:4C:B7:79:94:CF:3E:41:A2
> - Options: safe renegotiation,
> - Handshake was completed
>
> - Simple Client Mode:
>
> * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE AUTH=PLAIN AUTH=CRAM-MD5] Dovecot ready.
> . logout
> - Peer has closed the GnuTLS connection
Thank you for your investigation! It turned out there was a problem on the server with IPv6 binding
to the wrong virtual network-interface.
Everthing's running smoothly so far although there is still a problem adding the right IPv6-address
additionally to the IPv4-address.
Kind regards
Andreas
--
PGP-Fingerprint: F004 8EEE 5E54 F2EA 566E B939 22E5 85DD AA14 AC0A
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 213 bytes
Desc: Digitale Signatur von OpenPGP
URL: <https://dovecot.org/pipermail/dovecot/attachments/20181227/596c5e38/attachment.sig>
More information about the dovecot
mailing list