On 2014-05-02 12:59, Sam Varshavchik wrote: > Anders Le Chevalier writes: > >> >> >> On 2014-05-02 02:11, Sam Varshavchik wrote: >>> Anders Le Chevalier writes: >>> >>>> I checked with "openssl s_client -connect domain.com:993" and >>>> got the following error: >>>> >>>> CONNECTED(00000003) depth=2 C = IL, O = StartCom Ltd., OU = >>>> Secure Digital Certificate Signing, CN = StartCom >>>> Certification Authority verify return:1 depth=1 C = IL, O = >>>> StartCom Ltd., OU = Secure Digital Certificate Signing, CN = >>>> StartCom Class 1 Primary Intermediate Server CA verify >>>> return:1 depth=0 C = SE, CN = domain.com, emailAddress = >>>> [email protected] verify return:1 >>>> 140576163956368:error:0407006A:rsa >>>> routines:RSA_padding_check_PKCS1_type_1:block type is not >>>> 01:rsa_pk1.c:100: 140576163956368:error:04067072:rsa >>>> routines:RSA_EAY_PUBLIC_DECRYPT:padding check >>>> failed:rsa_eay.c:721: 140576163956368:error:1408D07B:SSL >>>> routines:SSL3_GET_KEY_EXCHANGE:bad signature:s3_clnt.c:1812: >>>> >>>> >>>> What could this padding check failure be? >>> >>> Repeat the experiment using mkimapdcert-generated key. If the >>> error persists, this would point to a general gnutls-openssl >>> incompatilibity. >>> >>> >> >> The self-signed certs created with mkimapdcert do work. I have >> also tried >> >> # openssl x509 -in startcom-domain.com.crt -text -noout >> >> which displays the certificate correctly with no warnings or >> errors. > > Then it has to be the order and/or the format of the certificate > and/or the private key, in the certificate file. > > Make sure that the private key is not password-protected. >
I converted the individual pem files to der files and then back to pem again with openssl and added them all to a single pem file and now it seems to work. The pem file that seems to work contains: KEY CERT CA-Intermediary ~A ------------------------------------------------------------------------------ "Accelerate Dev Cycles with Automated Cross-Browser Testing - For FREE Instantly run your Selenium tests across 300+ browser/OS combos. Get unparalleled scalability from the best Selenium testing platform available. Simple to use. Nothing to install. Get started now for free." http://p.sf.net/sfu/SauceLabs _______________________________________________ courier-users mailing list [email protected] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
