Re: [exim] My self signed cert seems to fail with american e…

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Andreas Metzler
Date:  
À: exim-users
Sujet: Re: [exim] My self signed cert seems to fail with american express
Marc MERLIN <marc_exim4@???> wrote:
> Two issues.


> With exim 4.80 on mail1.merlins.org, I have TLS Email working pretty
> much all the time (as far as I can tell), but I just noticed that I
> was not getting some Emails from american express.

[...]
> You are welcome to spam my Email directly to see what cert and encryption
> you get out of it, although I kind of know it already works with exim,
> gmail, and more, so the problem must be less obvious than that.

[...]

Two obvious things:
------------------------------------
*prompt* gnutls-cli -s -p 25 mail1.merlins.org
[...]
220 TLS go ahead
*** Starting TLS handshake
- Ephemeral Diffie-Hellman parameters
- Using prime: 2048 bits
- Secret key: 2046 bits
- Peer's public key: 2045 bits
- Certificate type: X.509
- Got a certificate list of 1 certificates.
- Certificate[0] info:
- subject `CN=merlins.org,O=Linux Geeks Inc,L=Silicon Valley,ST=CA,C=US,DC=merlins.org', issuer `CN=merlins.org,O=Linux Geeks Inc,L=Silicon Valley,ST=CA,C=US,DC=merlins.org', RSA key 2432 bits, signed using RSA-SHA1, activated `2013-12-26 21:52:08 UTC', expires `2014-01-25 21:52:08 UTC', SHA-1 fingerprint `84548240169ce156ca56b2730726ae1b1cd4e799'
- The hostname in the certificate does NOT match 'mail1.merlins.org'
------------------------------------

------------------------------------
*prompt* openssl s_client -starttls smtp -connect mail1.merlins.org:25
[...]
verify error:num=10:certificate has expired
notAfter=Jan 25 21:52:08 2014 GMT
------------------------------------

hth, cu Andreas
--
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'