>> >> Ok thanks. >> >> Where do I find instructions to generate a new certificate? > > Delete all existing certificate files. > > Run the mkesmtpdcert script to generate a certificate for the esmtp server. > > Either copy it as an imap or a pop3 certificate, or run mkpop3dcert and > mkimapdcert scripts.
Ok, I've regenerated the certificate. The ssl2 and ssl3 still fail. The tls1 looks like it's ok. What do I need to do to make the ssl2/3 not fail? $ openssl s_client -starttls smtp -connect localhost:25 -ssl2 CONNECTED(00000003) write:errno=104 $ openssl s_client -starttls smtp -connect localhost:25 -ssl3 CONNECTED(00000003) 27102:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1053:SSL alert number 40 27102:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:530: $ openssl s_client -starttls smtp -connect localhost:25 -tls1 CONNECTED(00000003) depth=0 /C=US/ST=NY/L=New York/O=Courier Mail Server/OU=Automatically-generated ESMTP STARTTLS key/CN=localhost/[email protected] verify error:num=18:self signed certificate verify return:1 depth=0 /C=US/ST=NY/L=New York/O=Courier Mail Server/OU=Automatically-generated ESMTP STARTTLS key/CN=localhost/[email protected] verify return:1 --- Certificate chain 0 s:/C=US/ST=NY/L=New York/O=Courier Mail Server/OU=Automatically-generated ESMTP STARTTLS key/CN=localhost/[email protected] i:/C=US/ST=NY/L=New York/O=Courier Mail Server/OU=Automatically-generated ESMTP STARTTLS key/CN=localhost/[email protected] --- Server certificate -----BEGIN CERTIFICATE----- MIIDCzCCAnSgAwIBAgIJANY9fHGTgkqBMA0GCSqGSIb3DQEBBQUAMIG7MQswCQYD VQQGEwJVUzELMAkGA1UECBMCTlkxETAPBgNVBAcTCE5ldyBZb3JrMRwwGgYDVQQK ExNDb3VyaWVyIE1haWwgU2VydmVyMTMwMQYDVQQLEypBdXRvbWF0aWNhbGx5LWdl bmVyYXRlZCBFU01UUCBTVEFSVFRMUyBrZXkxEjAQBgNVBAMTCWxvY2FsaG9zdDEl MCMGCSqGSIb3DQEJARYWcG9zdG1hc3RlckBleGFtcGxlLmNvbTAeFw0wOTA0MDUx NjE0MjhaFw0xMDA0MDUxNjE0MjhaMIG7MQswCQYDVQQGEwJVUzELMAkGA1UECBMC TlkxETAPBgNVBAcTCE5ldyBZb3JrMRwwGgYDVQQKExNDb3VyaWVyIE1haWwgU2Vy dmVyMTMwMQYDVQQLEypBdXRvbWF0aWNhbGx5LWdlbmVyYXRlZCBFU01UUCBTVEFS VFRMUyBrZXkxEjAQBgNVBAMTCWxvY2FsaG9zdDElMCMGCSqGSIb3DQEJARYWcG9z dG1hc3RlckBleGFtcGxlLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA r2uSiQZFw6LXI4iAgeI8Gip9Ot+7AiMtZQcPrTmkPbti2PdaE4SKHH1q07ZU/ndj +DZvhOzJEA3R3EyWsCeWkek+W4RbKkEAWLj2X4EOxeuNuESMd1Uylj/KreP4W5yr o4dPlKSC5AgABYShwTdOQSwvnueNLvCritbgbSjhwk0CAwEAAaMVMBMwEQYJYIZI AYb4QgEBBAQDAgZAMA0GCSqGSIb3DQEBBQUAA4GBAJxkkEsxczC/cr2/MSUg3WjO pdFVaiyiUHPT7aK7DgczrshOjSAGhWpFQvUqIw4/toGCDCkki8wEgIfplX7gWaOZ Rd59Rzi1avsF342Yw5ong94aueM7qiecyuRjJxLoUnl9PSgE0Tfg84DHGRW1OPi2 YqRXRK7vqNAB0khUIPm9 -----END CERTIFICATE----- subject=/C=US/ST=NY/L=New York/O=Courier Mail Server/OU=Automatically-generated ESMTP STARTTLS key/CN=localhost/[email protected] issuer=/C=US/ST=NY/L=New York/O=Courier Mail Server/OU=Automatically-generated ESMTP STARTTLS key/CN=localhost/[email protected] --- No client certificate CA names sent --- SSL handshake has read 1175 bytes and written 320 bytes --- New, TLSv1/SSLv3, Cipher is AES256-SHA Server public key is 1024 bit Compression: zlib compression Expansion: zlib compression SSL-Session: Protocol : TLSv1 Cipher : AES256-SHA Session-ID: C173927C36D73F6DA7DC1F11C9969694F8807587CD7D3C7A88DC0435A26BFA22 Session-ID-ctx: Master-Key: 8C20F4AFC7C4EA953897C6FB79F54FF52D7D8BC1606008D829889ABBC955FDDD0216F402F7E2DCD61D858EE4AF7D41BD Key-Arg : None Compression: 1 (zlib compression) Start Time: 1238948252 Timeout : 7200 (sec) Verify return code: 18 (self signed certificate) --- 250 DSN ------------------------------------------------------------------------------ _______________________________________________ courier-users mailing list [email protected] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
