Re: [exim] TLS client disconnected cleanly (rejected our ce…

Góra strony
Delete this message
Reply to this message
Autor: W B Hacker
Data:  
Dla: exim users
Temat: Re: [exim] TLS client disconnected cleanly (rejected our certificate?) - intermediate ssl certificate problem?
Graeme Fowler wrote:
> On Mon, 2011-05-23 at 10:52 +0200, Arkadiusz Miskiewicz wrote:
>> The question is why "alert bad certificate" comes up if everything looks fine,
>> all intermediate certs are provided etc?
>
> Your client *should* provide the reason. If not, connect using the
> OpenSSL s_client to determine why:
>
> openssl s_client -connect $your_ip:$your port
>
> See if that throws an error. It may not, but it will provide lots of
> debug to let you see if all the chained certs are installed correctly.
>
> Graeme
>
>


'nuther 'cheap trick' is to temporarily provide the problematic certs
under review to your *webmail* daemon and restart it.

Browsers are very quick to throw a flag, point out the vagaries, present
all the info in an easy to read manner... THEN ALSO -- allow a manual
over-ride so you can check and see if the NEXT phase is working as
planned... tail -f on the inside log as well to get an opnio from Exim.

Not as realistic as, say swaks, or ssl/ssh built-in debug tools - but
far easier than deciphering the millimeter-at-a-time *output* of '-vvv'
and the like...

YMMV

Bill
韓家標