Re: [exim] Can't read SSL key/cert, how to debug?

Páxina inicial
Borrar esta mensaxe
Responder a esta mensaxe
Autor: Yves Goergen
Data:  
Para: Evgeniy Berdnikov, exim-users
Asunto: Re: [exim] Can't read SSL key/cert, how to debug?
Am 21.12.2014 um 20:03 schrieb Evgeniy Berdnikov:
> The first step in debugging should be cleaning up the configuration.
> If you have doubts, separate your private key and certificates,
> placing them into different files.


After testing some more, I've come to the following conclusions:

* Putting key and certificate in one file is fine.

* A key length of 4096 bit is fine.

* A certificate hash with SHA-512 is not fine. I need to use SHA-256
instead.

Both Thunderbird and 'openssl s_client' work fine with a new certificate
with a shorter hash size. Okay. It wasn't really necessary to use such
paranoid settings, but I wanted to know what works. Now it seems that
GnuTLS is limiting this while OpenSSL and other libraries can handle it.
That's interesting.

--
Yves Goergen
http://unclassified.de
http://dev.unclassified.de