Re: [courier-users] StartSSL SHA-2 x509 certificates with Courier

Fri, 02 May 2014 04:05:38 -0700 

Anders Le Chevalier writes:




On 2014-05-02 02:11, Sam Varshavchik wrote:
> Anders Le Chevalier writes:
>
>> I checked with "openssl s_client -connect domain.com:993" and got
>> the following error:
>>
>> CONNECTED(00000003) depth=2 C = IL, O = StartCom Ltd., OU =
>> Secure Digital Certificate Signing, CN = StartCom Certification
>> Authority verify return:1 depth=1 C = IL, O = StartCom Ltd., OU =
>> Secure Digital Certificate Signing, CN = StartCom Class 1 Primary
>> Intermediate Server CA verify return:1 depth=0 C = SE, CN =
>> domain.com, emailAddress = domain....@domainsbyproxy.com verify
>> return:1 140576163956368:error:0407006A:rsa
>> routines:RSA_padding_check_PKCS1_type_1:block type is not
>> 01:rsa_pk1.c:100: 140576163956368:error:04067072:rsa
>> routines:RSA_EAY_PUBLIC_DECRYPT:padding check
>> failed:rsa_eay.c:721: 140576163956368:error:1408D07B:SSL
>> routines:SSL3_GET_KEY_EXCHANGE:bad signature:s3_clnt.c:1812:
>>
>>
>> What could this padding check failure be?
>
> Repeat the experiment using mkimapdcert-generated key. If the
> error persists, this would point to a general gnutls-openssl
> incompatilibity.
>
>

The self-signed certs created with mkimapdcert do work. I have also tried

# openssl x509 -in startcom-domain.com.crt -text -noout

which displays the certificate correctly with no warnings or errors.



Then it has to be the order and/or the format of the certificate and/or the  
private key, in the certificate file.


Make sure that the private key is not password-protected.




Attachment:
pgpxG5c0K0gMM.pgp

Description: PGP signature


------------------------------------------------------------------------------
"Accelerate Dev Cycles with Automated Cross-Browser Testing - For FREE
Instantly run your Selenium tests across 300+ browser/OS combos.  Get 
unparalleled scalability from the best Selenium testing platform available.
Simple to use. Nothing to install. Get started now for free."
http://p.sf.net/sfu/SauceLabs
_______________________________________________
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users






















					Reply via email to